Active Directory Admin Model
From: Neil Llewellyn (anonymous_at_discussions.microsoft.com)
Date: 05/04/04
- Next message: nelson: "Re: newbee questions"
- Previous message: Cary Shultz [A.D. MVP]: "Re: New Accounts are disabled..."
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 4 May 2004 04:21:02 -0700
Hello,
Can anyone help me with the last piece of my puzzle?
The company I work for wants a distributed Administration model. There are around 22 sites in the USA and 9 sites around Europe. No one except for the Enterprise admin team is to have the domain admin passwords.
* We have a single forest and a tree made up of a root domain and two child domains... EU and NA.
* The Current NT4 domains have been collapsed into Regional OUs and authority delegated at this level to a security group (that represents their boundary of authority)above the delegation point.
* The domain Controller (DC) policies have been changed to allow these security Group members to logon locally.
* The Terminal server configuration has been altered to allow them to login to the DC's in admin mode
* They are members of server operator, DHCP ADMIN and DNS ADMIN built in groups
The problem is that at some sites the server structure has been consolidated and they need to be able to Install and manage the server as if they were logged in as local Administrator account. As you know this account doesn't exist on a DC.
Is there anything that can be configured to allow me to get the desired result?
Thanks in advance
Neil
- Next message: nelson: "Re: newbee questions"
- Previous message: Cary Shultz [A.D. MVP]: "Re: New Accounts are disabled..."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
