I asked the IT department in our company to remove me from our domain so that some restrictions aimed at all the users within the domain no longer apply to me.
The problem is that when I restart my computer and try to log in, I cannot do so due to the fact that my user account is still somehow tied to the domain and when I try to log in, the system complains about being unable to verify the account against some server.
I was advised to change my domain account into a local account, so I would like to do that. However, I found conflicting information about how to accomplish this.
Option 1: Go to system property -> Computer Name -> Click on Change Button -> Select Member of Local Group instead of domain -> click Apply. [source]
Option 2: Create a new local user -> Go to User Profiles -> Click on domain user -> Click on
Copy to -> Select the new user's directory
Copy to option is grayed out for me)
[same source as above]
Option 3: Use Windows Easy Transfer to do the job.
(Note: When I start the application, it does not allow any other option than importing from a file, so I cannot create a backup.)
Option 4: Create a new profile and move the
C:\Users\local_username. This looks ugly and seems like it could break a lot of things.
So, what should I do? Is one of the options a viable solution? Feel free to explain what I actually want to do, I'm still rather confused about how the system works.
It's not so much that your user is tied to AD, it's that your PC is tied to AD and it's looking to authenticate you.
Anyway, have them undo whatever they did in AD, there's no reason for it and it's just going to cause issues. Just create a local user in
Control Panel > Administrative Tools > Computer Managementthen click "Local Users and Groups" Add a new "local" account to the computer. You're not going to be able to keep your profile from the domain account, you'll have to copy over any files you may need.
You may also want to add this new user to the Administrators group or Power Users on the group tab. you'll have to use the PCNAME\USERNAME convention or search for it in the group dialog box.
Just so you know, your outlook won't work correctly and any access to network shares will have to be authenticated with your AD user - you should get a pop-up when you try to connect.
Honestly, the solution to this issue is to get the IT department some training. There is no reason that you can't have per-user restrictions relaxed in group policy. If I didn't know any better, I'd say you were looking for a way to skirt the AD authentication and security because any IT department worth their salt would have either told you no or fixed the policy to relax the restrictions. /2cents