asked on Restricting the Domain admins account
Hi - im looking for a way to create a new security group that will allow sysadmins perform their duties without having to be a domain admin in AD.
Active Directory
Last Comment
Marka Mekapse
Can you e more specific about what duties you want them to be able to perform, and what they should not be able to do?
...that will allow sysadmins perform their duties without having to be a domain admin in AD.
question is a bit vague without knowing specifically what is needed
if rights are needed to manage user accounts, password resets, etc. then delegate certain control on an OU to the user(s)
otherwise we can't help without more details
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I knew i had seen this before; thanks for the assist
There are a few prebuild groups you can use. But as the default groups (esp. Domain and Enterprise admin) are also connected to the active directory permissons, my question would be what is your imagination what the should do and what not.
Usually you create domain groups for special task on local machines, so ie SQL Admins, Exchange Admins etc. which are member of the local Admins group but not a domain admin.