Solved

administrator and administrators OU's in AD? What are there roles?

Posted on 2004-10-06
8
325 Views
Last Modified: 2010-04-19
I am reading through my administrators guide to windows 2003 and in the "active directory objects" it goes over the different roles, domain admins, domain guests etc.

I noticed it has an "Administrator" and an "Administrators" group. What is the difference? Is one a local admin acccount giving full control on the computer locally and the other a server admin account?

Please explain.
Thanks
0
Comment
Question by:georgecooldude
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 16

Accepted Solution

by:
JamesDS earned 20 total points
ID: 12236682
georgecooldude

The ADMINISTRATOR User account is the primary account for administering the domain.

The ADMINSTRATORS group is a group of users that CAN administer the domain - you can add any user account to this group that you wish to use as an administrator account.

So, if more than one person needs to administer the domain, you add them to the GROUP. If only one person needs the rights, then they could just use the USER account.

Cheers

JamesDS
0
 
LVL 5

Author Comment

by:georgecooldude
ID: 12237116
ok thanks!

There are 3 of us who I would like to be administrators. I'll ass us all to the administrators group. I assume this means I don't need to do anything to the Administrator user
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12237187
georgecooldude
Yup, exactly right.

Store the password for the Administrator account in a safe place, just in case you need it.

Cheers

JamesDS
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 5

Author Comment

by:georgecooldude
ID: 12237374
Thanks JamesDS,

With this account  do I also have control locally on the computer I logged in with?

I tryed something similar before but was unable to change such settings as the system time.

I know with NT server if you were a member of the administrators group you could do what you liked. It seems and i may be wrong here but to adjust settings locally on computers I have to setup a local administer account on the computer and cannot use my account on the windows 2003 server to adjust things specific to the local computer. Is there a way around this as I dont have time to create local admin accounts on our 100 or so PC's.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12237416
georgecooldude

The Local Machine is not same security boundary as the Domain.

Make the "Domain Admins" group a member of the local Administrators group on the workstation and then join your administrative user account to the Domain Admins group.

Cheers

JamesDS
0
 
LVL 5

Author Comment

by:georgecooldude
ID: 12237598
"Make the "Domain Admins" group a member of the local Administrators group on the workstation"

Where can this be done on a windows XP Pro machine? I am logged in under a windows NT server administrator account. Should I log in as the local administrator account?
0
 
LVL 5

Author Comment

by:georgecooldude
ID: 12237652
ok i think i found it.

Its in control panel, then users, and then I click the advanced tab and then the advanced management option. I then get a new box pop up with:

Local users and groups.
 - users
 - groups

I guess I should add the domain admins to the "groups" bit then. :-)
0
 
LVL 5

Author Comment

by:georgecooldude
ID: 12239056
Ah, I've found my answer. :)
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DHCP restore question Server 2003 to 2012 3 55
What is this Task? 4 152
Automate Windows Updates with SCCM 2 93
AD account Auto logoff 1 39
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question