Windows – How to turn Windows domain account to a local account

active-directory, login, windows, windows 8, windows-domain

I asked the IT department in our company to remove me from our domain so that some restrictions aimed at all the users within the domain no longer apply to me.

The problem is that when I restart my computer and try to log in, I cannot do so due to the fact that my user account is still somehow tied to the domain and when I try to log in, the system complains about being unable to verify the account against some server.

I was advised to change my domain account into a local account, so I would like to do that. However, I found conflicting information about how to accomplish this.

Option 1: Go to system property -> Computer Name -> Click on Change Button -> Select Member of Local Group instead of domain -> click Apply. [source]

Option 2: Create a new local user -> Go to User Profiles -> Click on domain user -> Click on Copy to -> Select the new user's directory
(Note: The Copy to option is grayed out for me)
[same source as above]

Option 3: Use Windows Easy Transfer to do the job.
(Note: When I start the application, it does not allow any other option than importing from a file, so I cannot create a backup.)

Option 4: Create a new profile and move the C:\Users\domain_username to C:\Users\local_username. This looks ugly and seems like it could break a lot of things.

So, what should I do? Is one of the options a viable solution? Feel free to explain what I actually want to do, I'm still rather confused about how the system works.

Best Answer

It's not so much that your user is tied to AD, it's that your PC is tied to AD and it's looking to authenticate you.

Anyway, have them undo whatever they did in AD, there's no reason for it and it's just going to cause issues. Just create a local user in Control Panel > Administrative Tools > Computer Management, then click "Local Users and Groups". Add a new "local" account to the computer. You're not going to be able to keep your profile from the domain account, you'll have to copy over any files you may need.

You may also want to add this new user to the Administrators group or Power Users on the group tab. You'll have to use the PCNAME\USERNAME convention or search for it in the group dialog box.

Just so you know, your Outlook won't work correctly and any access to network shares will have to be authenticated with your AD user - you should get a pop-up when you try to connect.

Honestly, the solution to this issue is to get the IT department some training. There is no reason that you can't have per-user restrictions relaxed in group policy. If I didn't know any better, I'd say you were looking for a way to skirt the AD authentication and security because any IT department worth their salt would have either told you no or fixed the policy to relax the restrictions. /2cents

Related Solutions

Windows – How to add a Microsoft account user to Windows Server 2012

You still create User accounts the same as you would for any other domain connected PC.

Once the AD account has been created, the user is able to link their Microsoft account (john.smith@outlook.com) with their AD account (DOMAIN\johnsmith).

Connect your Microsoft Account to your Domain Account.

Windows – How to join local AD domain during Windows 10 install

You can automate the whole process using unattend.xml, which can be placed in the c:\windows\system32\sysprep folder.

This is only part of the file:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <servicing></servicing>
    <settings pass="specialize">
        <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <Identification>
                <JoinDomain>ad</JoinDomain>
                <JoinWorkgroup></JoinWorkgroup>
                <Credentials>
                    <Domain>domain_goes_here</Domain>
                    <Password>password_goes_here</Password>
                    <Username>username_goes_here</Username>
                </Credentials>
                <MachineObjectOU>OU=here,OU=there,OU=everywhere,DC=etc,DC=domain,DC=etc</MachineObjectOU>
            </Identification>
        </component>
        <!-- remaining components and settings passes omitted -->
    </settings>
</unattend>

There is no need to even see this screen if you complete the whole unattend.xml file.

Microsoft even provides a tool, part of the MDT deployment toolkit, to generate this file.

Steps

  1. Download and install MDT
  2. Copy the Windows DVD onto the hard drive
  3. Launch Windows System Image Manager
  4. At the bottom left, select the install.wim in the folder from step 2
  5. Yes
  6. Wait........

When done the Answer file area looks like this


When done save your answer file.

Make a bootable USB drive and place it in the root folder of the USB drive.

Additional info:

https://win10.guru/windows-10-unattended-install-media-part-3-answer-file-for-oobe/
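
The answer file shown above keeps the domain-join account's password in clear text, so anyone who can read the USB drive or the sysprep folder can read it. The following is an added example, not part of the original answer or of any Microsoft tool: a Python check that reports every UnattendedJoin component carrying a stored password. The function names and the sample file (the answer's fragment, closed so that it parses) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample: the fragment from the answer, closed so that it parses.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64">
      <Identification>
        <JoinDomain>ad</JoinDomain>
        <JoinWorkgroup></JoinWorkgroup>
        <Credentials>
          <Domain>domain_goes_here</Domain>
          <Password>password_goes_here</Password>
          <Username>username_goes_here</Username>
        </Credentials>
      </Identification>
    </component>
  </settings>
</unattend>"""


def _text(node, path):
    """Stripped text of a descendant element, '' when absent or empty."""
    found = node.find(path, NS)
    return (found.text or "").strip() if found is not None else ""


def audit_unattended_join(xml_text):
    """Return (severity, message) findings for each UnattendedJoin component."""
    findings = []
    for settings in ET.fromstring(xml_text).findall("u:settings", NS):
        where = settings.get("pass", "unknown pass")
        for comp in settings.findall("u:component", NS):
            if comp.get("name") != "Microsoft-Windows-UnattendedJoin":
                continue
            domain = _text(comp, "u:Identification/u:JoinDomain")
            user = _text(comp, "u:Identification/u:Credentials/u:Username")
            if _text(comp, "u:Identification/u:Credentials/u:Password"):
                findings.append(("high", f"{where}: clear-text password stored "
                                         f"for join account '{user}'"))
            elif domain:
                findings.append(("info", f"{where}: joins '{domain}' with no "
                                         "password stored in the file"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_unattended_join(SAMPLE):
        print(f"[{severity}] {message}")
```

A "high" finding means the join account named in the message should be reviewed: the account's password travels with every copy of the file.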
