Test Scenario - Mapping Domain User Account To A Local User Account

circle with an i We are no longer updating this content regularly. Please visit our knowledge base for most current version.


Active Directory Domain User account mapping to Windows Local User account feature of ADCE allows the systems administrators to create and manage local account(s) on the workstation. The local account(s) are individually mapped to the users' domain accounts and created for users who interactively log on to the workstation. Windows Local User account is created when the user changes their domain password for the first time using the software.

The Windows Local User account password is managed by the user. Whenever they change their domain account password (using the software), their local account password is also updated.  The default password suffix is '-w0n+' and can be altered by the systems administrator.  The software will use the user’s new domain password and append the password suffix to set the local account password.

The local user accounts can be made member of one or more of the built-in groups on the workstation


  • Supported Microsoft Windows Operating System
    • Microsoft Windows 7.0 or 
    • Microsoft Windows 8.0 or 8.1
  • .NET Framework 
    • .NET Framework 4.0 for SYNERGIX AD Client Extensions 2014
  • Domain Membership in Microsoft Active Directory domain
  • Microsoft Outlook or other EMail client for Microsoft(R) Windows(TM)
  • SYNERGIX AD Client Extensions 2014


Active Directory Domain Environment

  • Single Active Directory Domain environment i.e. Single Forest with Forest Root Domain only example. F10.LOCAL
    • You can setup a more complex Active Directory Domain environment, if needed.  For example, one forest F10.LOCAL with child domains D10.F10.LOCAL, D11.F10.LOCAL and D12.F10.LOCAL and a trusted forest F20.LOCAL with child domains D20.F20.LOCAL, D21.F20.LOCAL and D22.F20.LOCAL


  • Security Group(s)
    • Create a security group called "SYNERGIX ADCE Managed Computers".  The group type may be Domain Global Group or Domain Local Group.
    • Add the test domain computer(s) into the security group "SYNERGIX ADCE Managed Computers"
    • SYNERGIX ADCE Managed Local Groups(This security group is used as a security filter, only the members of this group will mapped to selected  local groups).
    • Add the user to the  SYNERGIX ADCE Managed Local Groups security group
  • Delegate Control
    • Not applicable for configuring this feature
  • Configure domain Group Policy Object
    • Copy SYNERGIX AD Client Extensions Administrative Template file SYNERGIX-ADCE.ADMX to %SystemRoot%\PolicyDefinitions on admin workstation ( must be Windows 7.0 ) 
    • Copy SYNERGIX AD Client Extensions Administrative Template Language file SYNERGIX-ADCE.ADML to %SystemRoot%\PolicyDefinitions\en-US on same admin workstation ( must be Windows 7.0 ) 
    • Using GPMC.MSC, edit existing or new Group Policy Object.
    • In Group Policy Editor, expand COMPUTER CONFIGURATION
    • Expand Administrative Templates
    • Expand SYNERGIX AD Client Extensions
    • Expand Local Users and Groups
    • Select Domain Account Mapping to Local User  Account and right click select properties
    • Click on the Enable radio button to enable the policy setting
    • Enter the user account naming convention as per your requirements (By default %username%-la)  
    • Enter the account password suffix 
    • Enter account restore value,password last set value
    • check mark the groups where the domain user should mapped 


  • Ensure your (admin) account is member of the SYNERGIX ADCE Managed Computers security group
  • Log into a domain computer with the domain account ( your admin account ) that has local administrative privileges on the workstation.
  • Ensure the SYNERGIX AD Client Extensions specific Group Policy settings were applied
    • Launch RSOP.MSC or run GPRESULT.EXE /v to confirm
  • Install SYNERGIX AD Client Extensions software
  • Run gpupdate/force, 
  • Change the password using the ADCE system tray icon menu ‘change password’. After changing the password for the local user new password is generated with the suffix’-w0n+’(by default).
  • Log off and login with the local user account name and password




Test Results

  • Pass or
  • Fail


Test Result Submission

  1. Complete the Test Environment worksheet
  2. Upload test results document file to software test repository
  3. Upload log files
    1. ServiceLogfile.txt
    2. ClientLogfile.txt
    3. Output of GPRESULTS.EXE /V command
Note: You must use ADCE \ Help \ Submit Log Files button to zip up above 3 files and submit



Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk