What kinds of right I need to gain to the local system administrat

Our company has been setup with both Headquarter and branch offices with
Server 2003 DCs. We like to gain the control to each branch office system
administrator to manage their own branch office DC like restart the IIS
service etc. What is the best way to do? We don’t want the branch office
administrators to have control on the headquarter DC at all.

Thanks

 

Hi Peter

If the DCs are in the same domain, there is currently no way to provide
administrator access to a DC without providing Domain Admins privilege.

You will have to wait for the next version of the Windows Server OS.

Tony
www.activedir.org

 

The branch DCs are the child domain of Headquarter DCs.

 

Doesn't matter, it is possible for the admins in any domain in a forest to
escalate their permissions to enterprise admin if they so desire.

Even in the next rev of Windows Server currently codenamed Longhorn Server the
same limitation applies though you can set up a special type of DC called a Read
Only DC that you can deploy to a site and allow a local admin to have admin
rights of the machine (but not the AD).

joe

 

Move all unnecessary services off of the DC's and provide the users local
admin on the new servers.

You can't manage a single dc within a group of dc's.
--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

 

I wonder if they will call it an "RDC".

 

Currently it is officially called an RODC even though I kept accidently saying
BDC. ;o)

 

Yeah, and *they* didn't take too kindly to that branding <g>