Hi guys hope you are all well and can help.
Guys we have the following domain setup.
In the root domain, we have three users in the Enterprise Admins group.
Bob is a member of this group, and we want Bob to be able to administer EVERY computer in the forest with full domain access.
When Bob tries to log on to a domain controller in subdomainB, he can't, because an error says he needs to have the right to log on to this machine.
He tries another DC in another subdomain....same issue.
My questions are....
A) Why can't he log on to these since he is an enterprise admin?
B) Instead of creating a domain admin account in each domain for Bob and others who are members of the enterprise admin group, how can we give enterprise admins full domain access in each domain?
Any help greatly appreciated.