I have an access to system cmd (the one before you login to domain) and a non admin user located on domain. Since SYSTEM user is considered a higher privilege than admin in windows 7, how do I move one of my domain users to admin privilege on the same domain. I know that using:
net localgroup administrators username /add
will make this account an admin only locally on computer, usually even without connecting it to the network, which is completely useless
help me with syntax or give an example of how to promote an already existing domain user to domain admin while having SYSTEM cmd available

Best Answer

You managed to be a local administrator on that machine, which means you can only manage that particular machine. In order to make changes to the domain, you actually need to manage the domain.

Such is being done through Active Directory Users and Computers. Using this either on the domain controller, or from your own computer and then connecting to the domain controller, can only be done using a user that has enough privileges to do this, such as a membership of Network Administrator or Administrators group.

The only thing you can do with this, is grant a non-admin user local admin to this computer, or perform any other admin tasks on this computer.

