Re: Child Domain Administration
From: Matt (mdframe_at_sorvive.DONT-SEND-SPAM.com)
Date: 02/04/05
- Next message: Todd J Heron: "Re: DC and DHCP question(s)"
- Previous message: James S. Borg: "CSVDE.exe Some Results Display as Binary Values"
- In reply to: Guido G: "Re: Child Domain Administration"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 4 Feb 2005 15:39:04 -0500
The acme.com domain is not empty, all of our main processing power for all
of our clients is maintained in that domain. We decided to cut our
corporate office out of the main domain to have better control over security
and other resources. Our main equipment has also been relocated to a
dedicated operations center and they recommended the corporate office not be
part of the main domain for several security reasons. This domain will
actually contain 16 servers. We just don't want to have to add our user
id's to each child domain as then you get into a password nightmare.
I am unsure what you mean about group-policy changes as this is my first
experience working in Active Directory. I am trying to give myself and one
other person full control over the parent and child domain while not having
to duplicate our user id's. Advice, experience, how to, or any best method
or information you can offer would be greatly appreciate.
If you need any additional information about the situation please let me
know.
Thanks,
Matt
"Guido G" <guidoDOTgrillenmeierAThpANOTHERDOTcom> wrote in message
news:uUGncYkCFHA.2032@tk2msftngp13.phx.gbl...
> you may want to go into more detail on "we had assumed that the enterprise
> group would be able to administer any of the child domains but we have
found
> the assumption is incorrect"
>
> I assume you're talking about management of clients or server that are
> members of the child domain - although the enterprise admins can fully
> manage all aspects of all child domains, the group is not automatically
> added to the local groups of all the member clients and server in the
child
> domain. If you want this to be the case, you can do so by group-policy
(e.g.
> using the Restricted Groups feature).
>
> On the other hand, it's not such a great idea to use the enterprise admins
> group for everday mgmt at all (assuming you acme.com domain is an "empty"
> root domain) - so I would suggest to treat those accounts as very special
> and to add a speparate domain admin account in your child. These will be
> able to fully administer all objects in the domain without much change -
> incl. member machines.
>
> /Guido
>
> "Matt" <mdframe@sorvive.DONT-SEND-SPAM.com> wrote in message
> news:ufZPDjjCFHA.444@TK2MSFTNGP09.phx.gbl...
> > We have recently started building a new architecture for our company.
We
> > have an enterprise domain of acme.com and we created a child domain
called
> > corp.acme.com. All of the trusts and DNS information is working
perfectly
> > and we are very happy thus far. We have added 2 people to the
Enterprise
> > Admins group in the acme.com domain and we had assumed that the
enterprise
> > group would be able to administer any of the child domains but we have
> found
> > the assumption is incorrect. Can someone please give us some
information
> on
> > how to have the Enterprise Admins group administer the child domain of
> > corp.acme.com without having to create the user id's a second time.
> >
> > Any suggestions or links are greatly appreciated.
> >
> > Thanks,
> >
> > Matt
> >
> >
> >
>
>
- Next message: Todd J Heron: "Re: DC and DHCP question(s)"
- Previous message: James S. Borg: "CSVDE.exe Some Results Display as Binary Values"
- In reply to: Guido G: "Re: Child Domain Administration"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
