Well our organization is a single forest, and we use a place holder domain in its own domain tree. Our organization is federated so we have over 27 separate namespaces within the same geographic area. Currently when we join organizations to the forest, we are required to show up and type in the EA account and password. I would like to delegate this to the group creating the domain. So we don't have to show up if we don't want to. Once the domain is created, we would take away the privilege.
Todd -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 4:29 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Domain Creation Delegation I would be interested to know why you would want to do this. I would have thought that the creation of domains is not a everyday activity, so why would you want to delegate? Wouldn't you also lose centralised control over the forest structure? This could have implications for replication and site design. If you simply want to restrict the Enterprise Admins group, there is an interesting whitepaper from Lucent: http://www.lucent.com/livelink/161922_Whitepaper.pdf Tony ---------- Original Message ---------------------------------- From: "Myrick, Todd (CIT)" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Sun, 17 Mar 2002 14:16:22 -0500 Has anyone figured out how to properly delegate the ability to create new domain trees and domains or pre-create domains and domain trees? I have an article from the "AD Notes From the Field" book, that describes this process, but that is the only article I found on it, and it is really complicated. I don't want to make people Enterprise Admins either. Thanks in Advance Todd Myrick List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
