Irwan, Interestingly, I'm surprised that this worked under Windows 2000 for you, as I can't duplicate it here (nor did I expect to be able to...). The builtin Administrators group is a special group and is specifically for the purposes of use on domain controllers, and is a shared group that would be the same as the groups that you would find on a stand-alone system. Primary difference - there is no administrator or administrators group (as well as others in that builtin container) on the DC. They are created and maintained through AD, which is replicated to all DCs, thereby emulating the behavior of having the users and groups on each DC.
The same effect as what you are looking for can be achieved using DOMAIN\Domain Admins. The groups in the users container are there for the purposes of managing and assigning rights and permissions out of the box - obviously, until you can design and implement your own group strategy. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Irwan Hadi Sent: Wednesday, December 31, 2003 5:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Administrators group I just upgraded all of my domain controllers (2 of them) from Windows 2000 to Windows 2003. The domain itself is still in Windows 2000 native mode. I just noticed one thing, where, supposed I want to share a folder, and among the groups that I want to share this folder to is the built-in administrators group for the domain (DOMAIN\administrators). I noticed that I can't do that anymore on the member servers that run 2003 because in sharing permissions, when I typed 'administrators' (without quotation mark), and then clicked on 'check names', it says "An Object named Administrators can not be found, check the selected object......", but I could still do that on the domain controllers. I'm just curious is this a new behavior in Windows 2003 member servers, or am I missing something here. Not being able to set permission for DOMAIN\administrators group in sharing the folder is not a big problem for me, because in fact only my username resides in the DOMAIN\administrators group besides of course the default users -> DOMAIN\administrator, Domain Admins, Enterprise Admins. I needed to do that, because it would make it easier back then with Windows 2000 in managing the default security permission on the computers' partition (I just removed 'everyone' group, add SYSTEM, COMPUTER\administrators, and DOMAIN\administrators). For the owner of that computer, I just add his DOMAIN\username to the local COMPUTER\administrators group. Thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
