Re: delegate privileges in another domain in another forest
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Mon, 19 Jun 2006 19:55:54 +0100
Hi
Create Universal Group, make it member of Domain Admins of the domain that
you want to administrate, then make the "others" Domain Admins members of
that U.G.
Active Directory data that is stored in the schema and configuration
containers is replicated to every domain controller in the forest. Since
changes to the schema and configuration containers will affect all domains
in the forest, administrative control for forest-wide changes should be
entrusted to highly trained or experienced administrators. All domain data
contained in the forest root domain should also be regarded as highly
sensitive data.
The following groups provide forest-wide administrative control in each
forest:
. Enterprise Admins
. Domain Admins (in the forest root domain)
. Schema Admins
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"George" <George@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9437F251-D92E-4EBF-A7A2-B1F75CDA95C5@xxxxxxxxxxxxxxxx
We have two forests with two way external trust enabled and working.
I need to allow our domain admins here to have domain admins privileges in
the other domain that is in another forest. Since domain admins is a
global
group I cannot add groups from other domains...
How should I do this? How can I add domain admins from the foreign domain
B
to all local admins groups in domain A for all workstations?
Thanks
--
George
.
- Follow-Ups:
- Re: delegate privileges in another domain in another forest
- From: Paul Bergson
- Re: delegate privileges in another domain in another forest
- Prev by Date: Re: Changing ADAM user password
- Next by Date: Re: Error NTDS General Global Catalog 1126
- Previous by thread: Re: 2k3 to 2k3 Trusts over VPN's
- Next by thread: Re: delegate privileges in another domain in another forest
- Index(es):
Relevant Pages
|
