Re: Domain Admin Group membership / Domain Security policy
- From: "Dmitry Korolyov [MVP]" <d__k@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 9 Aug 2005 12:47:29 +0400
Use gpresult or similar tools to verify effective policy being applied to
the domain and domain controllers. It is clear that a GPO that redefines
Domain Admins membership through Restricted Groups is in effect.
--
Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
MVP: Windows Server - Directory Services
"Guido" <gadiaz@xxxxxxxxxxx> wrote in message
news:A3023B84-14E7-4D25-BA61-0408851203E8@xxxxxxxxxxxxxxxx
>I am trying to add a new member of out IT department to the Domain Admin
> group and he is getting removed every time that the security policy is
> applied. There are restricted groups in both the Domain controller and
> Domain
> security policies but the new user is a member of both restricted groups.
>
> Also the old member of the IT dept that is no longer in IT keeps on
> getting
> "Re-added" to the Domain Admin restricted group even though when you look
> into his AD user account he is not in the Domain Admin group.
>
>
> --
> Guido
.
- References:
- Prev by Date: Re: Windows 2003 illegal access
- Next by Date: Re: Built-In Group - Remote Desktop Connection
- Previous by thread: Domain Admin Group membership / Domain Security policy
- Next by thread: Re: Domain Admin Group membership / Domain Security policy
- Index(es):
Relevant Pages
|
