Re: Confused

From: Sergio Fonseca [MVP] (fonsecase_at_iol.pt)
Date: 07/26/04

    Date: Mon, 26 Jul 2004 08:27:18 +0100
    
    

    Hi,

    By default the Enterprise Admins are members of any Child Domain
    Administrators group, so they are administrators of the child domain, not
    (immediately...) of its resources.

    By default the Domain Admins of a domain (like the child) are members of the
    member servers' and computers' Administrators group, not the domain
    Administrators group.

    With these settings an Enterprise Admin member can add himself to the
    required groups so he can administer the Child Domain resources (servers,
    computers, etc.) but is not able to do it immediately.

    Any suggestion should be tested before being applied - www.gupade.org

    "Chris" <anonymous@discussions.microsoft.com> wrote in message
    news:042a01c472b6$69ec1370$3a01280a@phx.gbl...
    I only have administrator right now, inside the child
    domain I am fine. It is when I log into the child domain
    with a forest root enterprise admin id that I have
    problems, my understanding is that enterprise admins have
    god rights to all things in all child domains.

    Thanks
    >-----Original Message-----
    >Hi,
    >
    >By default, the members of the Domain Admins group are "administrators" of
    >the member servers of the domain.
    >Who do you have in the domain "domain admins" and in the member servers
    >local administrators group?
    >
    >Any suggestion should be tested before being applied - www.gupade.org
    >
    ><anonymous@discussions.microsoft.com> wrote in message
    >news:054c01c471db$e1affc40$3501280a@phx.gbl...
    >> I do select the root domain, and I can login, I just do
    >> not have "god" rights to the servers in the child
    >> domains. I check the domain admins group on a dc in child
    >> domain 1 and it only shows local (meaning child domain
    >> ids) users in the domain admins grp, just administrator.
    >> I attempt to go to the root domain and then select a
    >> global group there and it says there are no selections
    >> available.
    >>
    >> Thanks
    >> >-----Original Message-----
    >> >Ensure you have selected the root domain when you logon as administrator.
    >> >
    >> >--
    >> >Regards
    >> >Christoffer Andersson
    >> >Microsoft MVP - Directory Services
    >> >
    >> >No email replies please - reply in the newsgroup
    >> >------------------------------------------------
    >> >http://www.chrisse.se - Active Directory Tips
    >> >
    >> >"Chris" <chrislisi2002@yahoo.com> wrote in message
    >> >news:359001c471c8$07cefca0$a601280a@phx.gbl...
    >> >> Ok here is the deal, I am setting up a parent (forest
    >> >> root) and 3 child domains. I am now having security
    >> >> issues when I log in on a child domain server with an ID
    >> >> from the forest root that is an enterprise admin. All of
    >> >> my organization's user ids will eventually reside in the
    >> >> forest root and the 3 domains are resources.
    >> >> Enterprise admins should have god rights throughout the
    >> >> forest or am I missing something.
    >> >>
    >> >> Thanks
    >> >> Chris
    >> >>
    >> >> Thanks
    >> >> Chris
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
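
An audit of the two default memberships discussed in this thread, added here as an example and not part of the original posts: it reports whether the forest root's Enterprise Admins group is a direct member of the child domain's Builtin\Administrators group, and which of Enterprise Admins and the child's Domain Admins are direct members of a member server's local Administrators group. Assumptions: the RSAT ActiveDirectory module is available, the member server has PowerShell 5.1 with remoting enabled, and `child.example.com` and `SRV01.child.example.com` are placeholder names.

```powershell
# Added example. The domain and server names below are placeholders.
Import-Module ActiveDirectory

$childDomain  = 'child.example.com'        # placeholder child domain
$memberServer = 'SRV01.child.example.com'  # placeholder member server

# Build the well-known SIDs from the domain SIDs so renamed groups are still found.
$rootDomain = (Get-ADForest -Server $childDomain).RootDomain
$rootSid    = (Get-ADDomain -Server $rootDomain).DomainSID.Value
$childSid   = (Get-ADDomain -Server $childDomain).DomainSID.Value
$eaSid      = "$rootSid-519"    # Enterprise Admins (lives in the forest root)
$daSid      = "$childSid-512"   # Domain Admins of the child domain
$adminsSid  = 'S-1-5-32-544'    # Builtin\Administrators (domain and local)

# 1. Direct members of the child domain's Builtin\Administrators group.
$domainMembers = @(Get-ADGroupMember -Identity $adminsSid -Server $childDomain |
    ForEach-Object { $_.SID.Value })

# 2. Direct members of the member server's local Administrators group.
$localMembers = @(Invoke-Command -ComputerName $memberServer -ScriptBlock {
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value }
})

[pscustomobject]@{
    ChildDomain                   = $childDomain
    EAInDomainAdministrators      = $domainMembers -contains $eaSid
    MemberServer                  = $memberServer
    ChildDAInLocalAdministrators  = $localMembers -contains $daSid
    EAInLocalAdministrators       = $localMembers -contains $eaSid
}
```

With the defaults described in the reply, the first two booleans are True and the last is False; any other result means the memberships have been changed from the defaults and is worth reviewing.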

