Regardless of whether the SAP system is installed centrally or as a distributed system, we recommend to set up one domain that contains the SAP system application and database servers.

We strongly recommend that you set up all your SAP system servers in one Windows domain. For short-term test installations or demonstration purposes only, you might install a central SAP system that is not located in a Windows domain. However, we recommend this setup for limited use only. It is difficult to introduce the domain concept to a system that is already in use.

In a central installation on a server in a domain, all SAP system administrators are members of the local group SAP_<SAPSID>_LocalAdmin.

In a distributed installation with several server machines in the domain, a global group is set up for the SAP system (SAP_<SAPSID>_GlobalAdmin). This global group itself is a member of the server's local groups and contains the SAP system administrators. This also simplifies the administration in the client or server environment, since new users who need SAP system administration rights only need to become members of the global group.