Today one more interesting issue..
Even though a user account have Domain Administrator Rights, was unable to logon to Console of the DC.
Encountered error “The local policy of this system does not permit you to logon interactively”. But was able to logon through terminal services
Verified GPOs, Local Security Policy…etc… but no clue found. To my interest, found that the user account was explicitly added to “Logon Locally” list under Security –> User Rights Management of the Domain Controller Policy.
Upon some more research & googling found a MS article, which helped me in resolving the issue.
After removing the User Account from “Domain Power Users Group”, was able to logon to DC console.
Here is the article link: http://support.microsoft.com/kb/841188