Domain Admin password changes

From: Mike B <Mike B@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 2 May 2005 15:06:08 -0700

We are running AD 2003. My boss wants to set the default domain admin
password and put that password in a safe for security. The problem is that
an domain admin can change that adminstrator password. Is there a way to
prevent the default domain admin's password from being changed by anyone
other than logging in as the domain admin?
.

Follow-Ups:
- Re: Domain Admin password changes
  - From: Joe Richards [MVP]
- Re: Domain Admin password changes
  - From: Chriss3 [MVP]

Prev by Date: Roaming Outlook Express Account?
Next by Date: RE: Roaming Outlook Express Account?
Previous by thread: Roaming Outlook Express Account?
Next by thread: Re: Domain Admin password changes
Index(es):
- Date
- Thread

Relevant Pages

Re: Domain Admin password changes
... Mike B wrote: ... password and put that password in a safe for security. ... The problem is that an domain admin can change that adminstrator password. ...
(microsoft.public.windows.server.active_directory)
Re: Are Domains True Security Boundaries?
... The ONLY true bondary of security is the Forest. ... So if you do not trust a group of "domain admin" who for whatever reason you ... > We feel that adding a second domain and giving untrusted domain admin ...
(microsoft.public.windows.server.active_directory)
Read only Admin privileges for Active Directory environment?
... Our InfoSec team has requested Domain Admin privileges ... on the corporate Active Directory to audit the environment's security. ...
(Security-Basics)
Re: Admin Acct
... > We have an obligation in security documentation to discuss the least ... > SMS without Domain Admin rights. ... >> wants to use advanced security, local admin rights and no domain admin ...
(microsoft.public.sms.admin)
Re: Mailbox Permissions - Deny Access
... why does your domain admin account have a mailbox at all (making the ... This goes against our security ...
(microsoft.public.exchange.admin)