?
Solved

member server delegation

Posted on 2008-11-03
6
Medium Priority
?
484 Views
Last Modified: 2012-08-14
Dear experts,

I am the domain admin for a single active directory domain.  Another company wants admin. access to one of our member servers (i.e. we need to hand ownership of this server to them) - what is the best way to do this ?  They don't want us to control this server anymore - they want full admin access.

The server in question is just running some basic apps i.e. it is not a DC or running any microsoft services as such - but the server has to stay in our domain - it can't be moved into their domain.

I was thinking of creating a new OU and moving this server into it and then delegating control to this ou to the other comany via group permissions, etc.

Can you let me know if this is the perfect solution to this issue or is there a better way please ?

Thanks in anticipation ...

RP
0
Comment
Question by:richardstuartpowell
6 Comments
 
LVL 16

Accepted Solution

by:
JoWickerman earned 105 total points
ID: 22865868
Hi richardstuartpowell,

Is there no way that you can remove the PC from your domain and make it part of a workgroup, keeping it on your subnet? Otherwise the other company will have access to your other servers through this server?

Cheers.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 210 total points
ID: 22865897
If you delegate control to an OU then you will still have the ability to manage the server. The only way to remove the ability to manage it from your administrators is to remove it from your domain (or forest).
0
 
LVL 2

Author Comment

by:richardstuartpowell
ID: 22866354
OK that sounds perfectly reasonable.

I was hoping to keep things tidy and retain the server in our AD but put it into an OU for them to manage - but I get your point that WE would still have access, so I guess the best way to resolve this is to take this member server out of our domain and stick it into a workgroup all of it's own.

How would you suggest that we then give access (admin access) to this server to the other company ?  I was thinking remote desktop ?

Cheers
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 210 total points
ID: 22866371
Yes - Remote desktop would seem a perfectly reasonable solution
0
 

Assisted Solution

by:AckeyGraham
AckeyGraham earned 60 total points
ID: 22866372
Or another is create a acccount, with basic access but give them membership to the local admin of the actual machine. Therefore will still be on your domain and accessed by who needs with your org and also administered by the other outfit.

Sameway both will work
0
 
LVL 2

Author Closing Comment

by:richardstuartpowell
ID: 31512624
Thanks for everyone for responding so quickly - all responses well articulated - cheers fellas.

Points split amongst all that responded :-)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question