Avatar of Marka Mekapse
Marka Mekapse
Flag for United States of America asked on

Restricting the Domain admins account

Hi - im looking for a way to create a new security group that will allow sysadmins perform their duties without having to be a domain admin in AD.
Active Directory

Avatar of undefined
Last Comment
Marka Mekapse

8/22/2022 - Mon

Mmh, not excactly what you wrote in the head line.
There are a few prebuild groups you can use. But as the default groups (esp. Domain and Enterprise admin) are also connected to the active directory permissons, my question would be what is your imagination what the should do and what not.  
Usually you create domain groups for special task on local machines, so ie SQL Admins, Exchange Admins etc. which are member of the local Admins group but not a domain admin.  

Can you e more specific about what duties you want them to be able to perform, and what they should not be able to do?
Seth Simmons

...that will allow sysadmins perform their duties without having to be a domain admin in AD.

question is a bit vague without knowing specifically what is needed
if rights are needed to manage user accounts, password resets, etc. then delegate certain control on an OU to the user(s)
otherwise we can't help without more details
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Jeff Glover

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Marka Mekapse

I knew i had seen this before; thanks for the assist