?
Solved

Multiple Domain Admins with One domain controller

Posted on 2007-10-10
5
Medium Priority
?
305 Views
Last Modified: 2008-05-31
We have an outfit in Canada and head office in US, Canadian office has few users and we would like to have an  admin at that location. Since we remotely do everything, it is coming to the point that we need a service personal there. We have one Windows 2003 domain controller (A/D)and would like to create two domain admins. Is this possible.
0
Comment
Question by:rexyphilips
  • 3
5 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20047706
you cannot have two domains on one server, what you want to do, is have two domain controllers replicating, and then delegate rights to the remote admin on his OU
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx
0
 
LVL 2

Expert Comment

by:csimonds
ID: 20047794
If you want to designate a second user as a domain administrator, yes, that's possible. Just make whichever user you want to be the additional admin a member of the Domain Admins group.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20047858
jeez i misread that question something chronic...missed the admin bit :)

still, delegation is much much more secure that having two domain admins
0
 

Author Comment

by:rexyphilips
ID: 20048153
Hi Jay, in todays world of centralization and virtulization, I was hoping that Windows  2008 would be able to administer a Junior Admin. I do understand that OU can be made, but they  will stumble on issues.

As my question was pertaining to WIndows 2003, the answer seems to be No, correct?
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 150 total points
ID: 20048213
2003 will allow you to have as many domain admins as you want, however, that is an unpleasant risk.....your delegation of control is ideal for the junior admin role, its pretty much designed for that, it lets you control completely what they can and cannot do....other than that you have security groups and policies and thats about it :) 2008 wont change any of those basic prinicples either - i think if you look at the wizard, you will be pleasantly surprised

apologies on the misread initially too.....made me look like as classy as a goose
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question