30

I just reinstalled my work computer to Windows 10 Pro, created a local account, connected to our VPN, joined our domain and logged in with my domain account, no problems so far.

Since the local account is automatically in Admin group, I'd like to add my domain account there as well so that I can install work software and run things as admin without need to provide an admin password every time I do so.

But when I try to add the domain account to admins, it doesn't allow me to add someone from other domain.

When I go to my domain account and try it there, it finds my domain account, but tells me that I don't have persmission to do that. And if I run control panel as admin with my local account, them I'm back where I started.

Why can't I add a domain account to Admin group from my local account? I did that in Win 7, Win 8 and Win 8.1 with no problems, before. Do I have to ask our domain admins to log on to my computer and add me in or is there a way to do it?

Improve this question
2
  • Where are you attempting to do this? In "Computer Management | Local Users and Groups"?
    – Daniel K
    Commented Aug 9, 2015 at 10:32
  • @DanielK Yes. I also tried Management Console, but I guess it's the same.
    – Ondrej Janacek
    Commented Aug 9, 2015 at 10:40

4 Answers 4

Reset to default
44

To add an account as a member of the administrators group you need to be a local administrator already and you need to have rights to read the active directory information. A normal user can do this so what you want to do should be possible:

  1. log on as local admin
  2. connect on the VPN
  3. open Start | Computer Management | Local Users and Groups (or run lusrmgr.msc)
  4. double-click on the 'Administrators' group
  5. click the 'Add...' button

At this point, because you are on the VPN and the machine is a member of the domain, you should be able to click on the 'Locations...' button and select the domain as the location of the user list. At some point an authentication dialogue should pop up and you will need to enter your normal domain credentials.

Screenshot of process

Improve this answer
3
  • 1
    Ah, I have to be connected to VPN, I didn't realize that before, but now it makes sense. Thank you very much.
    – Ondrej Janacek
    Commented Aug 9, 2015 at 11:56
  • And in case when there is no VPN? This is strange ...
    – dmnc
    Commented Sep 27, 2019 at 8:50
  • I would do the same previously, but now they changed administrator to supervisor, and when I try to use my domain name, both with or without domain name, it wont find the user on manage user and group.
    – Hassan Faghihi
    Commented Dec 13, 2020 at 6:25
10

Daniel's answer is a little bit a clue, but it is too complicated (VPN). This task is pretty simple:

Computer has to be already in the domain.

  1. open Start menu and find (by writing) mmc but don't run it yet
  2. if you are logged as a user, click on mmc with right button and use Run as Administrator
  3. Ctrl+M
  4. add Local users and groups
  5. select Groups folder and Administrators record (double click)
  6. add your domain user account

PS: I'm using Windows with different language, if I named something wrong, please edit this answer and correct names, thanks.

Improve this answer
2
  • 1
    This uses the same MMC plugin as the answer by @Daniel K. So you still need to either be on the VPN or be able to reach the domain controller to add domain accounts to a group.
    – Chris
    Commented Mar 25, 2020 at 21:15
  • This procedure worked for me with a slight variation. I couldn't find mmc.msc. I used dsa.msc instead. dsa gets you he Active Directory Users and Computer console. I'm not sure why mmc didn't work. When asked for a username and password, I had to enter a user and password for a user that had Domain administration privileges. I'm using a Samba Active directory. I had to use the user "administrator" and the password I gave Samba when I provisioned the domain. This then worked like a charm for me. I was able to give my user account Administrator privileges.
    – Tom Rutchik
    Commented Jul 31, 2023 at 18:28
0

All the above answers are correct. If you want your Domain User to be a local Admin on the Windows 10 Pro PC, you have to make sure the Domain\User is added to the Admin Group. However, even if you do that, you will still get pop ups saying you don't have permission. This happens because once you join a Domain in Windows 10 Pro it adds Domain\Users to the User Role. You have to remove the Domain\Users from the Users Group. Restart PC and then your Domain User will have local Admin permissions. Cheers.

Improve this answer
-1

by adding a computer to a domain automatically the "domain admins" group is member of local administrators.

For this reason it is usually not required to add specific accounts if they are already member of the domain admins group.

Improve this answer
1
  • 1
    Manually authentifying by entering the domain admin account and password was exactly what OP wanted to avoid.
    – Patrick R.
    Commented Feb 13, 2017 at 17:26

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .