Solved

BuiltIn\Administrator rights have been modified - ADMT migration

Posted on 2010-08-20
4
560 Views
Last Modified: 2012-05-10
Hi,

 

I am planning for an ADMT migration and have discovered that the default rights in the source domain for the builtin administrators has been changed. I am currently unaware of why the rights have been modified from their out of the box state.

 

I have a virtualised test environment where I am planning the migration. After adding the domain admins to the builtin\administrators group in the source domain I noticed that I was still unable to perform administrative functions in the source domain. I then compared the rights delegated to the builtin\administrators to an out of the box domain. For whatever reasons the rights have been removed.

Needless to say, the ADMT tool throws up access denied errors all over the place.

Is anyone able to offer some suggestions on how I am best to work forward with this? Should I be looking to create a new group and delegate control over the whole directory to it?

I have concerns with the configuration of the source domain as it is not standard. Will the changes that have been made be supported by Microsoft?

 

Any help / suggestions would be appreciated.

 

Cheers

 

Aidan
0
Comment
Question by:aideb
  • 2
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 33487120
To restate, your production AD domain has had its Administrators group's rights modified (limited in some way).  You want to know how to regain complete administrative control to your AD.

To answer that, we will need to know more about your production AD.  Is it 2003 or 2008 (you listed both in your Tags)?  On what type of server do your FSMO roles rest?

Justin
0
 
LVL 2

Author Comment

by:aideb
ID: 33491106
The domain is at a 2003 functional level and has mainly 2003 servers (some 2008)
0
 
LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 500 total points
ID: 33500587
Is this a domain you inherited?  Is it possible that the prior admin(s) hardened the default MS policies?  There are several methodologies to do this, but I would start here:

http://technet.microsoft.com/en-us/library/cc773365%28WS.10%29.aspx

I know it will be a pain, but work backward through the processes it walks through.  You are likely to find where the change was made this way.

Justin
0
 
LVL 2

Author Closing Comment

by:aideb
ID: 33574544
Ended up delgating rights through AD to a new group to reduce risk
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question