What happens to local user accounts when a computer joins a domain?

We have a computer on our network with some network shares. This computer is NOT part of our domain. In order to allow certain users to access the network shares, we have been creating local accounts on the computer with the same user name and password as the active directory user and adding those (local) users to the permissions list.

For example, this computer (TestComputer) has a local user (UserA) that has been given Full Control of a shared folder (TestFolder). There is also an active directory user with the same name (TESTDOMAIN\UserA). UserA can now browse to \\TestComputer\TestFolder and read or write to it.

What we want to do is join TestComputer to our domain and then give permissions to the active directory user (TESTDOMAIN\UserA) instead and eventually delete the local user (UserA) from TestComputer.

It looks like here shows that joining a computer to a domain doesn't mess with the local accounts. However, it didn't clarify if anything would happen if those local accounts had the same name as active directory accounts. I just need clarification that I can just simply join the computer to the domain, replace the local user permissions with the active directory user and delete (maybe disable) the local user account.


Solution 1:

If the domain has group policy it could potentially change members of users in the local admin and power users group.....or even add in new users. But existing users on the local machine will remain unaffected.

Solution 2:

The only user and\or group change that occurs when joining a computer to a domain is that the domain users group is added to the local users group and the domain admins group is added to the local admins group. Your local user accounts will be unaffected and there will be no conflict with the domain user with the same name. You should be fine going ahead with your plan.

Solution 3:

Should be fine, unless your join the computer to the domain & promote it to a domain controller, in which case you'll no longer have local computer accounts.

You'll also need to fix any NTFS permissions on files local users may have setup, as these won't carry over. Maybe you can use sidhistory with this if it's complicated, it might work?