Is there any built in group within AD for local administrator?

LuiLui77
LuiLui77 used Ask the Experts™
on
Is there any built in group within AD that will grant the members local administrative permission on computers in the domain?

I will appreciate any guidance!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Short answer no.

1. Create a Domain Group called for example "Local Admin"
2. add all users to this group that you want to grant as local administrators
3.  Use group policies to deploy this

Computer / Preferences / Control Panel / Local Users & Groups / Group – Administrator
Add your Domain Name\ the Group Local Admin

or

Look up the "Restricted Groups" Group Policy.
Distinguished Expert 2018

Commented:
Short answer: yes! Of course the group domain administrators is by default member of the local administrator group of any domain member.

Whether it is sensible to use that group for client administration is another question.

Commented:
McKnife is correct there.

@LuiLui77
Do you really want to grant users as Domain Admins?
A Domain Admin is more than a local Administrator.
Windows Built-in Users and Default Groups http://ss64.com/nt/syntax-security_groups.html

Author

Commented:
Is just local administration of the client machines, not to domain or servers
Distinguished Expert 2018

Commented:
Then the approach as described by awawada should be used and the ´GPO should of course only be applied to an OU with client computers, not servers.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial