aideb
asked on
BuiltIn\Administrator rights have been modified - ADMT migration
Hi,
I am planning for an ADMT migration and have discovered that the default rights in the source domain for the builtin administrators has been changed. I am currently unaware of why the rights have been modified from their out of the box state.
I have a virtualised test environment where I am planning the migration. After adding the domain admins to the builtin\administrators group in the source domain I noticed that I was still unable to perform administrative functions in the source domain. I then compared the rights delegated to the builtin\administrators to an out of the box domain. For whatever reasons the rights have been removed.
Needless to say, the ADMT tool throws up access denied errors all over the place.
Is anyone able to offer some suggestions on how I am best to work forward with this? Should I be looking to create a new group and delegate control over the whole directory to it?
I have concerns with the configuration of the source domain as it is not standard. Will the changes that have been made be supported by Microsoft?
Any help / suggestions would be appreciated.
Cheers
Aidan
I am planning for an ADMT migration and have discovered that the default rights in the source domain for the builtin administrators has been changed. I am currently unaware of why the rights have been modified from their out of the box state.
I have a virtualised test environment where I am planning the migration. After adding the domain admins to the builtin\administrators group in the source domain I noticed that I was still unable to perform administrative functions in the source domain. I then compared the rights delegated to the builtin\administrators to an out of the box domain. For whatever reasons the rights have been removed.
Needless to say, the ADMT tool throws up access denied errors all over the place.
Is anyone able to offer some suggestions on how I am best to work forward with this? Should I be looking to create a new group and delegate control over the whole directory to it?
I have concerns with the configuration of the source domain as it is not standard. Will the changes that have been made be supported by Microsoft?
Any help / suggestions would be appreciated.
Cheers
Aidan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ended up delgating rights through AD to a new group to reduce risk
ASKER