Abdu_Allah
asked on
What is domain administrator permissions?
Hi, Actually I am new in this topic but I just want to know what are domain administrator permissions? and should domain administrator(s) be member of administrators built-in group?
Please help.
Please help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In other words can domain administrators assigned different permissions?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Actually what I am trying to do is to determine if specific user is admin or not admin programatecally. The idea that I have is to find if that user is member of administrators built-in group if so then this is domain administrator user, Do you think this is a good idea?
If I understand correctly, what you are trying to do, then the answer is no.
IF a user is member of the Domain Admins group, THEN he is also member of the Administrators Group, the reverse is not true.
IF a user is member of the Domain Admins group, THEN he is also member of the Administrators Group, the reverse is not true.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
============
The idea that I have is to find if that user is member of administrators built-in group if so then this is domain administrator user, Do you think this is a good idea?
============
Can you explain this statement in more detail? Are you talking about the built-in administrators group on the domain or on the local workstations? What are you trying to accomplish?
The idea that I have is to find if that user is member of administrators built-in group if so then this is domain administrator user, Do you think this is a good idea?
============
Can you explain this statement in more detail? Are you talking about the built-in administrators group on the domain or on the local workstations? What are you trying to accomplish?
ASKER
Actually I have the code that retreive groups' members but what I want to do is to check if the given user is domain admin or not. Now the idea that I have is if someone is domain admin then he must be member of built-in administrators group on the domain so all what I have to do is to check if that user is member of that group(domain administrators group ) then he is admin.
>Are you talking about the built-in administrators group on the domain or on the local workstations?
Actually I am talking about built-in administrators group on the domain.
>Are you talking about the built-in administrators group on the domain or on the local workstations?
Actually I am talking about built-in administrators group on the domain.
in ADUC (dsa.msc) open the built in administrators group and see what it's members are. If domain admins is in there, then yes, all domain admins are part of the built-in administrators on the domain.
You can also open domain admins in ADUC and see the members.
If you want a CLI version:
dsquery group -name groupname | dsget group -members -expand
where groupname is the name of the group, so administrators and "domain admins"
You can also open domain admins in ADUC and see the members.
If you want a CLI version:
dsquery group -name groupname | dsget group -members -expand
where groupname is the name of the group, so administrators and "domain admins"
ASKER
>in ADUC (dsa.msc) open the built in administrators group and see what it's members are
Sorry but I do not have server at this moment.
Sorry but I do not have server at this moment.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER