Domain Rights

C

chip33az

Hello,

I work for a large company with several remote administrators. These
administrators need to be able to add/modify/delete accounts and
computers. They are not allowed to be Domain Administrators.

We did that through permissions on OUs and granting them rights to
local computer systems.

Is it possible to grant them rights to work on domain controllers
(install patches) without making them domain admins?

Thanks.
 
S

Steven L Umbach

No that is not possible and can not be delegated using AD permissions. By
their nature domain controllers contain very sensitive information including
a writeable copy of Active directory and need to be managed by a trusted
domain level administrator. It is possible to dcpromo a domain controller
remotely if need be or manage it via Terminal Services remote
administration.

Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

File mapping security rights 1
Giving admin rights to a subset of computers 12
Administrative rights on specified domain controller 8
Should this work? - Folder permissions 1
Changing process priorities of normal users 3
Domain users = local administrator 1
User Rights to Install Software 2
Domain Controller Administration 4

Top