Admin rights on a dc without domain admin rights.

Discussion in 'Active Directory' started by x, May 10, 2007.

  1. x

    x Guest

    Anyone have a clue if you can give a user admin rights to a single
    dc without giving them domain admin or admin rights?

    We have an admin that only needs to run patches, updates, install/remove
    software on a dc, but not have the right to access the other dcs.


    This is all in one domain.
     
    x, May 10, 2007
    #1

  2. x

    Anthony Guest

    Not possible. You need admin rights to install software (mostly) and anyone
    with admin rights on a DC has control of the domain. You have to do it
    yourself,
    Anthony
    http://www.airdesk.co.uk
     
    Anthony, May 10, 2007
    #2

  3. I would highly suggest you don't install any software on your dc; this is
    what member servers are for. Find a member server that is available and
    grant this user local admin rights on this and leave the DC to be just that,
    a DC.

    Once you grant someone Administrator rights on a DC you grant the rights to
    do anything they want, look at any document they want, etc... Find a member
    server and keep the number of users that have domain admin rights down to
    two or three.
     
    Paul Bergson [MVP-DS], May 10, 2007
    #3
  4. No you absolutely cannot do this.

    Some people think you can, those people are dead wrong.

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm
     
    Joe Richards [MVP], May 11, 2007
    #4
  5. x

    DevilsPGD Guest

    In message <#> "Joe Richards [MVP]"
    You can fake it though (which is far, far worse)
     
    DevilsPGD, May 11, 2007
    #5
