AFP548

Creating Domain Admins on an OS X Server PDC

Use the “net” command to create Admin users on your Windows machines. By default, when running OS X Server as a Windows Primary Domain Controller, you do not have any Windows Domain Admins. While your LDAP admin username and password can be used to add a Windows machine to the PDC, they cannot be used to actually administer the Windows machine.

To do that, you need to tell Samba which OS X group to use as Domain Admins on your Windows machines. Create a group in Workgroup Manager and add the users who need to be admins on the Windows machines. For example, let’s say we created a group called “winadmins” and added all of our users to it. You would then use the net command on the OS X Server to map the winadmins group to Domain Admins in the PDC:

sudo net groupmap modify ntgroup="Domain Admins" unixgroup=winadmins

Now log into one of your Windows machines as a user in the winadmins group and you’ll be an admin on the box.
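
To confirm the mapping took effect and to review who now holds Domain Admin rights through it, the following is an added example (not part of the original article). It assumes `net groupmap list` prints lines of the form `NT name (SID) -> unixgroup`; the function names, sample SIDs and user names are constructed for illustration.

```sh
#!/bin/sh
# Added example: check which Unix group "Domain Admins" maps to, and list
# group members that are not on an approved-admin list.

# mapped_unix_group NTGROUP
# Reads `net groupmap list` output on stdin and prints the Unix group the
# named NT group maps to (prints nothing if there is no such mapping).
mapped_unix_group() {
    awk -v nt="$1" '{
        i = index($0, " (S-"); j = index($0, ") -> ")
        if (i && j && substr($0, 1, i - 1) == nt) { print substr($0, j + 5); exit }
    }'
}

# unexpected_members "APPROVED LIST" "ACTUAL MEMBERS"
# Prints every actual member that is missing from the approved list.
unexpected_members() {
    approved=" $1 "
    extra=""
    for m in $2; do
        case "$approved" in
            *" $m "*) ;;                 # approved, nothing to report
            *) extra="$extra $m" ;;      # holds admin rights without approval
        esac
    done
    echo "${extra# }"
}

# Constructed sample of `net groupmap list` output (placeholder SIDs).
SAMPLE_GROUPMAP='Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> staff
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> winadmins'

# On the server, replace the sample with:  sudo net groupmap list
group=$(printf '%s\n' "$SAMPLE_GROUPMAP" | mapped_unix_group "Domain Admins")
echo "Domain Admins -> ${group:-<unmapped>}"

# Constructed membership; on the server, read the members of "$group" from
# the directory (for example with dscl) and pass them in here.
extra=$(unexpected_members "alice bob" "alice bob carol")
[ -n "$extra" ] && echo "Review these $group members: $extra"
```

Because every member of the mapped group becomes an administrator on every domain-joined Windows machine, rerun the membership check whenever the group changes.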
