In Microsoft Windows systems, account operators are users who are assigned the responsibility of administering user and group accounts for a network.

To make an individual an account operator, simply make them a member of the Account Operators group. Account operators can administer accounts only on a domain controller, not on a member server or workstation.

Account operators have the preassigned rights to log on locally to a domain controller and to shut down the system.

In addition, account operators have the built-in capacity to create and manage user accounts, global group accounts, and local group accounts, as well as to keep local profiles.

TIP

Account operators should be assigned in enterprise-level networking environments only. In small to medium-sized networking environments, creating and configuring user accounts is usually the responsibility of the administrator.