Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Domain Admins Question

Posted on 2011-03-02
6
Medium Priority
?
288 Views
Last Modified: 2012-05-11
I have a root domain, lets call it:  DomainA.com.  I created a child domain.  Called Child.DomainA.com

why is it that i cannot place my account (in parent domain) in the domain admins of child.domainA.com?  

what sense does this make?  The enterprise admins were added to the Domain controllers administrators group, but not domain admins.
0
Comment
Question by:beaconlightboy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018806
Because the domain admins is specific to eachdomain, allowing the delegation of permissions for that domain only.

The enterprise admins is then added to the domain admins to give an Enteprise or Forest administration group.
0
 
LVL 3

Author Comment

by:beaconlightboy
ID: 35019104
You said -
"The enterprise admins is then added to the domain admins to give an Enteprise or Forest administration group. "


yes - but i cannot add the enterpise admins to my child domain's domain admins group.  Therefore my enterprise admins, are not so enterprise :(.

i believe that is because it is a global group and can only contain domain users.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 2000 total points
ID: 35019144
Ahh, it needs to be a universal group I believe ;)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Assisted Solution

by:beaconlightboy
beaconlightboy earned 0 total points
ID: 35019206
yes but the default domain admins group is a global group.  you can't change it.  So i guess what i'm saying is, that by default when you add a child domain.  youre enterprise admins are not really enterprise admins because they can't administer any servers in that child domain unless they are explicitely added to that servers administrators group, or they have an account in the child domain that is in the domain admins group for the child domain.

if this is true, then i have to throw down a wtf on that one?
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 2000 total points
ID: 35019317
Oh sorry, I see what your saying wood and trees and all that.

Yes, that is correct ;) you need to create a new group.
0
 
LVL 3

Author Closing Comment

by:beaconlightboy
ID: 35067770
Fantastic.  I just wasn't thinking clearly (like microsoft).  It's obvious the 'Enterprise' is not all domains. LOL.

thanks for the clarification.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question