System Administrator access to domain controllers

[Guest]

I can't seem to find this information anywhere and I'm hoping someone can
help. Management of the active directory in my org is split between the
physical maintenance of domain controllers and maintenance of the active
directory. I am trying to figure out a way in which I can grant a group
access to our DC's so they can maintain them. I have added them to server
operator for local login but they are prohibited from doing certain things
like changing server IP addresses etc. Are there any rights or groups other
then domain admin or administrator I can add them to that would allow them to
change configuration information on a DC? I'm especially concerned with IP
addresses as we are moving DC's from an old data center to a new one. Thanks
in advance,
Marc

 

[Steven L Umbach]

Only domain admins can do what you want in Windows 2000 - change
configuration of tcp/ip and such. Windows 2003 has added the network
configuration operators group to allow non admins to change tcp/ip
configuration. There may be a workaround for changing the tcp/ip
configuration. I have not tried this myself but see the JSI tip in the link
below on how to use Scheduled Tasks to configure a task to run once. That
may work if it use netsh to change the tcp/ip configuration in a batch file.
Be sure to test it out if you want to consider it.. -- Steve

http://www.jsiinc.com/SUBG/TIP3000/rh3063.htm
http://www.winnetmag.com/Windows/Article/ArticleID/41111/41111.html --
netsh examples.