Re: Confused
From: Chris (anonymous_at_discussions.microsoft.com)
Date: 07/27/04
- Next message: Ace Fekay [MVP]: "Re: Exchange 5.5 during AD upgrade"
- Previous message: tpeltz: "Re: Missing Builtin Group"
- In reply to: Sergio Fonseca [MVP]: "Re: Confused"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 27 Jul 2004 08:53:42 -0700
That is the problem, I am not seeing or getting the rights
in the child domains that enterprise admins has in the
forest root domain. What are a few things that I can
check to make sure that I have thing setup correctly.
Thanks
>-----Original Message-----
>Hi,
>
>
>
>By default the Enterprise Admins are member of any Child
Domain
>Administrators group so they are administrators of the
child domain, not
>(immediately...) to their resources.
>
>By default the Domain Admins of a domain (like the child)
are member of the
>member servers and computers administrators group, not
the domain
>administrators group.
>
>
>
>With this settings a Enterprise Admin member can add him
self to the
>required groups so it can administer the Child Domain
resources (servers,
>computers, etc) but is not able to do it immediately.
>
>
>Qualquer sugestão deve ser testada antes de aplicada -
www.gupade.org
>
>"Chris" <anonymous@discussions.microsoft.com> wrote in
message
>news:042a01c472b6$69ec1370$3a01280a@phx.gbl...
>I only have administrator right now, inside the child
>domain I am fine. It is when I log into the child domain
>with the a forest root enterprise admin id that I have
>problems, my understanding is that enterprise admins have
>god rights to all things in all child domains.
>
>Thanks
>>-----Original Message-----
>>Hi,
>>
>>By default, the members of the Domain Admins group
>are "administrators" of
>>the member servers of domain.
>>Who do you have in the domain "domain admins" and in the
>member servers
>>local administrators group ?
>>
>>Qualquer sugestão deve ser testada antes de aplicada -
>www.gupade.org
>>
>><anonymous@discussions.microsoft.com> wrote in message
>>news:054c01c471db$e1affc40$3501280a@phx.gbl...
>>> I do select the root domain, and I can login, I just do
>>> not have "god" rights the the servers in the child
>>> domains. I check the domain admins group on a dc in
>child
>>> domain 1 and it only shows local (meaning child domain
>>> ids) users in the domain admins grp, just
administrator.
>>> I attempt to go to the root domain and then select a
>>> global group there and it says their are no selections
>>> available.
>>>
>>> Thanks
>>> >-----Original Message-----
>>> >Ensure you have selected the root domain when you
logon
>>> as administrator.
>>> >
>>> >--
>>> >Regards
>>> >Christoffer Andersson
>>> >Microsoft MVP - Directory Services
>>> >
>>> >No email replies please - reply in the newsgroup
>>> >------------------------------------------------
>>> >http://www.chrisse.se - Active Directory Tips
>>> >
>>> >"Chris" <chrislisi2002@yahoo.com> skrev i meddelandet
>>> >news:359001c471c8$07cefca0$a601280a@phx.gbl...
>>> >> Ok here is the deal, I am setting up a parent
(forest
>>> >> root) and 3 child domains. I am now having security
>>> >> issues when I log in on a child domain server with
>an ID
>>> >> from the forest root that is an enterprise admin.
>All
>>> of
>>> >> my organizations user ids will eventually reside in
>the
>>> >> forest root and the the 3 domains are resources.
>>> >> Enterprise admins should have god rights thoughout
>the
>>> >> forest or am I missing something.
>>> >>
>>> >> Thanks
>>> >> Chris
>>> >
>>> >
>>> >.
>>> >
>>
>>
>>.
>>
>
>
>.
>
- Next message: Ace Fekay [MVP]: "Re: Exchange 5.5 during AD upgrade"
- Previous message: tpeltz: "Re: Missing Builtin Group"
- In reply to: Sergio Fonseca [MVP]: "Re: Confused"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
