What's the difference between users and active directory users in Windows Small Business Server 2003? Which should I use to manage user accounts under which circumstances?
5 Answers
An SBS 2003 server is a domain controller and therefore cannot have local user accounts, they are removed when the server is promoted to a DC.
SBS stores the user accounts you create, in the Users page, in a specific OU in AD. The users area in the SBS console just takes you straight to that OU and presents some wizards for creating users. Using AD Users and Computers would still get you to the same user information, but you would need to go the the SBS OU.
Its best to use the User option in the SBS console as it will ensure all your users will end up in the right area of AD, and give you wizards to do so, but you can use AD users and computers if you want.
SBS 2003 servers, do not have local user accounts, despite what the other answers say.
- 38,158
- 6
- 77
- 113
A user has a local account on the server; an Active Directory user has an account through Active Directory. You can manage local accounts from the server.
- 169
- 1
- 6
The difference is the source of their authentication.
- AD users are authenticated by a domain controller
- Local users are authenticated locally
As far as which to use, it depends. See Do I really need MS Active Directory?
If you have at least one small business server you should probably be using Active Directory users. I say this because having a small business server implies hosting shared data of some kind as well as running a domain. To expand on what aardvark and bofe have already said:
- A local user account is stored entirely on a machine. If UserA needs to log onto 3 different machines then you have to set up a local user account and manage permissions on all 3 machines. This could get cumbersome quickly with more than a handful of machines in your organization.
- An Active Directory account is used in a domain environment. A user can log onto any machine on the domain using the same username and password and you only have to create one account - the Active Directory account. Your usernames, passwords and permissions are largely centralized in this environment.
Using Active Directory also brings up all kinds of new possibilities, such as using Roaming Profiles, Group Policy, etc. You should read the article that bofe posted in his reply, but I would say that since you already paid for a Small Business Server, go ahead and create the domain and Active Directory user accounts. It will be easier in almost all circumstances in the long run.
- 1,039
- 3
- 19
- 21
When using Small Business Server 2003, keep in mind that only users that are stored in Active Directory will be able to gain all the benefits, such as an Exchange mailbox.
- 31
- 2
-
1You can only store use in AD in an SBS server, there are no local accounts on a domain controller – Sam Cogan May 27 '09 at 22:45