Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Domain Admins Question

Posted on 2011-03-02
6
Medium Priority
?
289 Views
Last Modified: 2012-05-11
I have a root domain, lets call it:  DomainA.com.  I created a child domain.  Called Child.DomainA.com

why is it that i cannot place my account (in parent domain) in the domain admins of child.domainA.com?  

what sense does this make?  The enterprise admins were added to the Domain controllers administrators group, but not domain admins.
0
Comment
Question by:beaconlightboy
  • 3
  • 3
6 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018806
Because the domain admins is specific to eachdomain, allowing the delegation of permissions for that domain only.

The enterprise admins is then added to the domain admins to give an Enteprise or Forest administration group.
0
 
LVL 3

Author Comment

by:beaconlightboy
ID: 35019104
You said -
"The enterprise admins is then added to the domain admins to give an Enteprise or Forest administration group. "


yes - but i cannot add the enterpise admins to my child domain's domain admins group.  Therefore my enterprise admins, are not so enterprise :(.

i believe that is because it is a global group and can only contain domain users.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 2000 total points
ID: 35019144
Ahh, it needs to be a universal group I believe ;)
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Assisted Solution

by:beaconlightboy
beaconlightboy earned 0 total points
ID: 35019206
yes but the default domain admins group is a global group.  you can't change it.  So i guess what i'm saying is, that by default when you add a child domain.  youre enterprise admins are not really enterprise admins because they can't administer any servers in that child domain unless they are explicitely added to that servers administrators group, or they have an account in the child domain that is in the domain admins group for the child domain.

if this is true, then i have to throw down a wtf on that one?
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 2000 total points
ID: 35019317
Oh sorry, I see what your saying wood and trees and all that.

Yes, that is correct ;) you need to create a new group.
0
 
LVL 3

Author Closing Comment

by:beaconlightboy
ID: 35067770
Fantastic.  I just wasn't thinking clearly (like microsoft).  It's obvious the 'Enterprise' is not all domains. LOL.

thanks for the clarification.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question