Solved

member server delegation

Posted on 2008-11-03
6
477 Views
Last Modified: 2012-08-14
Dear experts,

I am the domain admin for a single active directory domain.  Another company wants admin. access to one of our member servers (i.e. we need to hand ownership of this server to them) - what is the best way to do this ?  They don't want us to control this server anymore - they want full admin access.

The server in question is just running some basic apps i.e. it is not a DC or running any microsoft services as such - but the server has to stay in our domain - it can't be moved into their domain.

I was thinking of creating a new OU and moving this server into it and then delegating control to this ou to the other comany via group permissions, etc.

Can you let me know if this is the perfect solution to this issue or is there a better way please ?

Thanks in anticipation ...

RP
0
Comment
Question by:richardstuartpowell
6 Comments
 
LVL 16

Accepted Solution

by:
JoWickerman earned 35 total points
Comment Utility
Hi richardstuartpowell,

Is there no way that you can remove the PC from your domain and make it part of a workgroup, keeping it on your subnet? Otherwise the other company will have access to your other servers through this server?

Cheers.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 70 total points
Comment Utility
If you delegate control to an OU then you will still have the ability to manage the server. The only way to remove the ability to manage it from your administrators is to remove it from your domain (or forest).
0
 
LVL 2

Author Comment

by:richardstuartpowell
Comment Utility
OK that sounds perfectly reasonable.

I was hoping to keep things tidy and retain the server in our AD but put it into an OU for them to manage - but I get your point that WE would still have access, so I guess the best way to resolve this is to take this member server out of our domain and stick it into a workgroup all of it's own.

How would you suggest that we then give access (admin access) to this server to the other company ?  I was thinking remote desktop ?

Cheers
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 70 total points
Comment Utility
Yes - Remote desktop would seem a perfectly reasonable solution
0
 

Assisted Solution

by:AckeyGraham
AckeyGraham earned 20 total points
Comment Utility
Or another is create a acccount, with basic access but give them membership to the local admin of the actual machine. Therefore will still be on your domain and accessed by who needs with your org and also administered by the other outfit.

Sameway both will work
0
 
LVL 2

Author Closing Comment

by:richardstuartpowell
Comment Utility
Thanks for everyone for responding so quickly - all responses well articulated - cheers fellas.

Points split amongst all that responded :-)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Weird DFS behavior... 5 44
Move Users to New Domain from Old Domain 8 59
automatic login 1 19
ACTIVE DIRECTORY 3 26
I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now