Re: Enterprise admins - help

From: ptwilliams (ptw2001_at_hotmail.com)
Date: 11/03/04 

Date: Wed, 3 Nov 2004 21:15:11 -0000

> As a root domain administrator (a member of Enterprise Admins group), I do
> have admins right on both root and child domain controllers. However I
> cannot manage workstations in my child domain.

This is because the DA is a member of the local administrators group for all
domain members; and EA is not.

EA is not designed for administering clients - it is for administering the
forest.

> The only way I get it to work is adding Enterprise admin to local
> administrators at individual workstation. But I have over 200 workstations
> there must be a better way than that.

A better way would be to make a user account that is a member of all
necessary groups, e.g. EA and both DA. 

-- 
Paul Williams
http://www.msresource.net
http://forums.msresource.net
______________________________________
"Pasit R." <PasitR@discussions.microsoft.com> wrote in message 
news:AA0A5D5C-91DF-45CD-8386-776AB65E8213@microsoft.com...
As a root domain administrator (a member of Enterprise Admins group), I do
have admins right on both root and child domain controllers. However I 
cannot
manage workstations in my child domain.
I have try to add Enterprise Admins (or root Domain Admins) to child Domain
Admins group but the system do not allow me to.
The only way I get it to work is adding Enterprise admin to local
administrators at indvidual workstation. But I have over 200 workstations
there must be a better way than that.
Please help...

Relevant Pages

  • Re: Enterprise Admin - Access Denied
    ... Enterprise Admins are automatically added to "Administrators" group in ... permissions on DCs and AD itself - but not on the member servers. ... > I have just created a Child Domain with 2 members servers. ... > Using my account which is a member of the "Enterprise Admins" group, ...
    (microsoft.public.windows.server.general)
  • Enterprise admins - help
    ... have admins right on both root and child domain controllers. ... I have try to add Enterprise Admins (or root Domain Admins) to child Domain ... Admins group but the system do not allow me to. ...
    (microsoft.public.windows.server.active_directory)
  • Re: "enterprise admins" member of local domain administrators ?!
    ... > the root Enterprise Admin folks. ... > domain Administrators group. ... >>The CEO of the child domain asked me if members ... >>automatically member of every domain administators local ...
    (microsoft.public.win2000.security)
  • Re: Confused
    ... >By default the Enterprise Admins are member of any Child ... >Administrators group so they are administrators of the ... >required groups so it can administer the Child Domain ...
    (microsoft.public.win2000.active_directory)
  • Re: Strange Admin Security Phenomenon
    ... > From now on an enterprise admins do not have he power to change something ... Administrator from getting in and manipulating a child domain. ... Well always about 20 minutes after I do that, the> enterprise admin group reappears in the account's ACE, with full control! ...
    (microsoft.public.win2000.security)