Solved

"Domain Controller Builtin\Administrator" VS "Domain Administrator" - whats the difference

Posted on 2006-10-24
4
952 Views
Last Modified: 2008-02-07
Hi All,


I work in a single domain enviroment.


What's the difference between the builting Domain Controller "Builtin\Administrator" and the "Domain Administrator" group.


The reason i ask is we have a lot of users in "Builtin\Administrator" group on the DC


Thanks
0
Comment
Question by:detox1978
  • 2
4 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17798998
EXACLY where are you seeing the builtin\administrator group?
i'm not sure where the "domain administrator" group you are talking about comes from either, b/c in my domain all of the built in groups are called "xxx Admins" without the word administrator spelled out.  This domain has been upgraded from NT4, to 2000 to 2003 so that might be why though.

0
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 17799240
For a file server the built in Administrators group has all the admin permissions and by default when it is added to the domain, Domain Admins gets added to the Local Adminstrators.

For the case of AD, the Built in Administrators group pretty much all the local permission to AD and by default the Domain Admins group is a member of the built in administrators.  Domain Admins\enterprise admins\Schema Admins are given addition permissions to the directory that being a member of the built in administrators won't give you.  Also being in Domain Admins by default gives you admin access to all member machines (desktops\servers).

So essentially,

Members of the built in adminstrators, they can do almost anything to AD user/group/computer objects, But they won't have access to the file servers or desktops.  However, they can add themselves to the Domain Admins group and have access to all computers in the domain.



0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17799346
if you are seeing the 'builting\administrators" on NTFS permissions (the security tab on the properties of a file/folder" then that is the LOCAL admin group.  The domain admin group is a DOMAIN administrator group.  these are two completely different groups.  

>>The reason i ask is we have a lot of users in "Builtin\Administrator" group on the DC
this is what confuses me and why i asked that you explain EXACLY where you saw this.  B/C on a DC, there is no such thing as a local group.

0
 
LVL 2

Author Comment

by:detox1978
ID: 17801718
Thanks Pber, that was what i thought, but wanted it confirmed.


mikeleebrla, mikeleebrla, its in the "Builtin" OU.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question