What's the difference between builtin local/administrators and Domain Admins in AD 2003?

I don't mean the local/administrators account on the server but the one that we find in AD in the Builtin container.

Thanks.
SAM2009 Asked:
 
yo_bee (Director of Information Technology) Commented:
That is the local admin to the server.
0
 
Praveen Balan (Solution Architect) Commented:
Members of the Built-in Administrators group can fully administer the computer/domain; apart from this, permissions on registry, users, files etc. are assigned to this group (on DCs, member servers and workstations).

As you know, Domain Admins is a member of the Built-in Administrators group, so all the above permissions are assigned by default to Domain Admins as well.

The difference is that you can add Domain Admins to other groups, but not the Administrators group. Simply put, built-in groups cannot be added to other groups.

Praveen
0
 
Aeriden Commented:
Administrators is a group on the local SAM (security account database that resides on all Windows machines when not a domain controller - servers and workstations).  Domain Admins is a group that resides within the Active Directory that replicates across all domain controllers within a given domain (e.g. mydomain.local).  A builtin\Administrators group on one server is completely different from builtin\Administrators on another server.  Being a member on one server limits admin access to only that server.  Being a member of Domain Admins, however, gives admin rights on all Domain Controllers.  In addition, a member server (non-domain controller) of a domain, when joining the domain, automatically has builtin\Administrators added to the Domain Admins group, thus allowing a user in Domain Admins to administer those member servers.  There is an advantage of using the Active Directory for centralized management of security, while the local security is linked to the Active Directory.  This makes managing servers much more straightforward.  Users that log in to the domain get access via transitive association (the user belongs to an Active Directory group, the Active Directory groups are linked to local security groups...  therefore the user has local security access), which is very manageable, especially for a large number of servers.
0
 
SAM2009 (Author) Commented:
Wait, wait guys! :)

I'm talking about the builtin local/administrators in Active Directory, not the one on the server.
I understand the role of the local administrators group on the server, but what I don't understand well is builtin local/administrators in Active Directory.

Is it the same?

Thanks.

0
 
Praveen Balan (Solution Architect) Commented:
I have explained the same in the previous comment (built-in Administrators group and Domain Admins group on an AD (DC) server).

Not the local admin of any member server.

-Praveen
0
 
SAM2009 (Author) Commented:
Sorry Praveen, yes, you have understood my question, but I just want to specify for the other experts. Hi! Hi! Just to make sure I explained well what I mean.
0
 
SAM2009 (Author) Commented:
Please, I don't understand this part of the explanation:

Members of the Built-in Administrators group can fully administer the computer/domain; apart from this, permissions on registry, users, files etc. are assigned to this group (on DCs, member servers and workstations).
0
 
Praveen Balan (Solution Architect) Commented:
Simply put, members of the Administrators group fully administer the computer/domain (this includes the permissions on the registry, users and files of all DCs, member servers and workstations).

Domain Admins are part of the built-in Administrators group and can also be added to other groups for delegating more permissions, whereas the built-in Administrators group cannot be added to other groups.

For full details, follow this article from TechNet - http://technet.microsoft.com/en-us/library/cc756898%28v=ws.10%29.aspx
0
 
SAM2009 (Author) Commented:
Basically your explanations are correct, guys, but I have to add this part to complete:

The Builtin Local Administrators group in Active Directory is the same as the local administrators group on a server except it's for Domain Controllers, because all domain controllers use the same security database.

Members of those will not be allowed to administer a member server or workstation within the domain, just the domain controllers.  
0
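The scoping discussed in this thread, as an added example that is not part of any participant's post: a small model that expands nested group membership to show who ends up an administrator on a domain controller versus a member server. The user names, the domain SID and the group contents are constructed; only the well-known SID `S-1-5-32-544` (BUILTIN\Administrators) and the `-512` RID of Domain Admins are real conventions.

```python
# Constructed model, not real directory data.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed placeholder
ADMINISTRATORS = "S-1-5-32-544"        # BUILTIN\Administrators, same SID on every machine
DOMAIN_ADMINS = DOMAIN_SID + "-512"    # Domain Admins, relative to the domain SID

# All DCs share the domain database, so the Builtin container's Administrators
# group is a single object for every DC. Each member server has its own SAM.
DOMAIN_DB = {
    ADMINISTRATORS: {DOMAIN_ADMINS, "alice"},  # alice: direct member in the Builtin container
    DOMAIN_ADMINS: {"bob"},
}
MEMBER_SERVER_SAM = {
    ADMINISTRATORS: {DOMAIN_ADMINS, "carol"},  # Domain Admins is added at domain join
}

def effective_members(group, local_db, seen=None):
    """Expand nested groups into user names.

    Builtin aliases (S-1-5-32-*) are looked up in the machine's own database,
    domain groups in DOMAIN_DB. 'seen' guards against circular nesting.
    """
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    db = local_db if group.startswith("S-1-5-32-") else DOMAIN_DB
    users = set()
    for member in db.get(group, ()):
        if member.startswith("S-1-"):
            users |= effective_members(member, local_db, seen)
        else:
            users.add(member)
    return users

def admins_on(machine_kind):
    """machine_kind: 'dc' uses the shared domain database, anything else the local SAM."""
    local_db = DOMAIN_DB if machine_kind == "dc" else MEMBER_SERVER_SAM
    return effective_members(ADMINISTRATORS, local_db)

if __name__ == "__main__":
    print("DC admins:           ", sorted(admins_on("dc")))
    print("Member server admins:", sorted(admins_on("member")))
```

In this model `alice` administers the domain controllers only, while `bob` (Domain Admins) administers both kinds of machine through nesting.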
 
SAM2009 (Author) Commented:
Thanks everybody!
0
Question has a verified solution.
