administrator and administrators OU's in AD? What are there roles?

I am reading through my administrators guide to windows 2003 and in the "active directory objects" it goes over the different roles, domain admins, domain guests etc.

I noticed it has an "Administrator" and an "Administrators" group. What is the difference? Is one a local admin acccount giving full control on the computer locally and the other a server admin account?

Please explain.
Thanks
LVL 5
georgecooldudeAsked:
Who is Participating?
 
JamesDSCommented:
georgecooldude

The ADMINISTRATOR User account is the primary account for administering the domain.

The ADMINSTRATORS group is a group of users that CAN administer the domain - you can add any user account to this group that you wish to use as an administrator account.

So, if more than one person needs to administer the domain, you add them to the GROUP. If only one person needs the rights, then they could just use the USER account.

Cheers

JamesDS
0
 
georgecooldudeAuthor Commented:
ok thanks!

There are 3 of us who I would like to be administrators. I'll ass us all to the administrators group. I assume this means I don't need to do anything to the Administrator user
0
 
JamesDSCommented:
georgecooldude
Yup, exactly right.

Store the password for the Administrator account in a safe place, just in case you need it.

Cheers

JamesDS
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
georgecooldudeAuthor Commented:
Thanks JamesDS,

With this account  do I also have control locally on the computer I logged in with?

I tryed something similar before but was unable to change such settings as the system time.

I know with NT server if you were a member of the administrators group you could do what you liked. It seems and i may be wrong here but to adjust settings locally on computers I have to setup a local administer account on the computer and cannot use my account on the windows 2003 server to adjust things specific to the local computer. Is there a way around this as I dont have time to create local admin accounts on our 100 or so PC's.
0
 
JamesDSCommented:
georgecooldude

The Local Machine is not same security boundary as the Domain.

Make the "Domain Admins" group a member of the local Administrators group on the workstation and then join your administrative user account to the Domain Admins group.

Cheers

JamesDS
0
 
georgecooldudeAuthor Commented:
"Make the "Domain Admins" group a member of the local Administrators group on the workstation"

Where can this be done on a windows XP Pro machine? I am logged in under a windows NT server administrator account. Should I log in as the local administrator account?
0
 
georgecooldudeAuthor Commented:
ok i think i found it.

Its in control panel, then users, and then I click the advanced tab and then the advanced management option. I then get a new box pop up with:

Local users and groups.
 - users
 - groups

I guess I should add the domain admins to the "groups" bit then. :-)
0
 
georgecooldudeAuthor Commented:
Ah, I've found my answer. :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.