Link to home
Create AccountLog in
Avatar of Marka Mekapse
Marka MekapseFlag for United States of America

asked on

Restricting the Domain admins account

Hi - im looking for a way to create a new security group that will allow sysadmins perform their duties without having to be a domain admin in AD.
Avatar of Bembi
Bembi
Flag of Germany image

Mmh, not excactly what you wrote in the head line.
There are a few prebuild groups you can use. But as the default groups (esp. Domain and Enterprise admin) are also connected to the active directory permissons, my question would be what is your imagination what the should do and what not.  
Usually you create domain groups for special task on local machines, so ie SQL Admins, Exchange Admins etc. which are member of the local Admins group but not a domain admin.  
Can you e more specific about what duties you want them to be able to perform, and what they should not be able to do?
...that will allow sysadmins perform their duties without having to be a domain admin in AD.

question is a bit vague without knowing specifically what is needed
if rights are needed to manage user accounts, password resets, etc. then delegate certain control on an OU to the user(s)
otherwise we can't help without more details
ASKER CERTIFIED SOLUTION
Avatar of Jeff Glover
Jeff Glover
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Marka Mekapse

ASKER

I knew i had seen this before; thanks for the assist