31.6 Using a DLU in a Domain Environment

Domain authentication is not possible when you do a local login based on the eDirectory credentials and not the domain credentials. Enabling a DLU policy forces the creation and use of a local account that does not have access to domain resources, even if you are logged in to the domain.

When a DLU policy is enforced on devices joined to a domain, it forces a local log in instead of a domain log in. Using a DLU is not supported on a domain controller, because the domain controller has no local Security Accounts Manager (SAM) to provide a local login.

You might want to use a DLU for certain reasons, even when the device is in a domain:

To manage Windows user accounts in an eDirectory environment:

Using a DLU in a domain environment might cause problems in some of the following circumstances: