Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What type of access would you gain access to if you are administrator of AD 2003?

Posted on 2004-08-10
4
Medium Priority
?
170 Views
Last Modified: 2010-08-05
Hello,

What type of things you think an administrator should have control over?  For e.g. RDP access, Restore AD objects, FSMO changes, etc...
0
Comment
Question by:mystikal1000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 18

Expert Comment

by:John Gates, CISSP
ID: 11768499
Well that is a loaded question?  What is the experience level of the administrator?  That is an important thing to consider.  An experienced administrator should have control of RDP settings following company policies regarding it.  A senior administrator should handle restoration of active directory objects (Because of the many steps involved) FSMO changes would be a senior administrator also. FSMO roles after a domain is established would not be done often.  Does this help?

D
0
 
LVL 1

Author Comment

by:mystikal1000
ID: 11769199
Lets say an experienced SR Administrator that should everything capable of administrating AD.  I just want to see what are some suggestions and views on this matter?
0
 
LVL 5

Expert Comment

by:dgroscost
ID: 11769308
Well, if we're talking an experienced administrator that isn't prone to screwing up things, unless there was a valid reason to only delegate certain authority to his account, I would probably recommend giving him complete access - domain, schema, enterprise, etc.  Now, you shouldn't add his specific user to these groups, instead you should provide him with the domain admininistrator credentials.
0
 
LVL 20

Accepted Solution

by:
What90 earned 2000 total points
ID: 11770401
Depending on how many people on what their skills are you can break the admin roles in to different areas.
Sit down and work out what your company has as admin skills and what needs to be done on a daily/weekly/monthly/yearly basis and that may help pick out certain natural roles for working with AD.

Extending the Schema - say would be a yearly thing and only should be done by the most experienced Admin.
Changing users passwords could be done by the helpdesk or a power user and most likely needs to be done dailt


So leave the Enterprose admins groups as top of the tree - as they can do anything to the system/ad etc - 3rd level or higher support skill sets

you may want to break down the Domain admin roles or level it to 2nd/3rd support guys

Then break down the day to day use of the systems and functions. You may want to give the 2nd level guys full control over  OU's and certain functions, like GPO creation of modifying.

Then break the day to day stuff to 1st level - resetting passwords, add machine/printers etc


Hope that's some help.

Chris
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question