Hi guys hope you are all well and can assist.
We have a situation where a lot of our users have different primary groups.
From my understanding, a new user has a default primary group of Domain Users.
What we need to understand is this.
If you have a user, that was once a member of Domain admins, but has now been removed from domain admins, and their primary group is still Domain admins, does this mean they still have rights of a domain admin, even though they are not listed as a member of the Domain Admins group?
I hope this makes sense.
Basically, to put it another way.
User Bob was a member of Domain Admins.
His PRIMARY GROUP is Domain Admins
Now, Bob has been removed from Domain Admins due to a role change.
His PRIMARY GROUP has not changed, and is still Domain Admins.
Does this mean he still has user rights of a Domain Admin?
Should his primary group change back to the default of Domain Users?
Any help greatly appreciated.