|
We’d like to eventually trim down the number of domains and get to an OU-based administrative model. But in the mean time, we have identified a couple of people that we want to have domain admin rights in all domains. I know that making them an enterprise admin allows them domain admin rights on the DCs in each domain because of membership in the BUILTIN\Administrators group in each domain. But that doesn’t allow logon to all the member servers. How do I best grant “domain admin-level” rights across all domains in the forest with a single logon for each of these persons? Looking for a best practice.
Thanks!
Mark Creamer Systems Engineer Cintas Corporation Honesty and Integrity in Everything We Do
|
- RE: [ActiveDir] enterprise-wide accounts Creamer, Mark
- RE: [ActiveDir] enterprise-wide accounts joe
- RE: [ActiveDir] enterprise-wide accounts Depp, Dennis M.
- RE: [ActiveDir] enterprise-wide accounts Cary, Mark
- RE: [ActiveDir] enterprise-wide accounts Grillenmeier, Guido
- RE: [ActiveDir] enterprise-wide accounts Mike Celone
- RE: [ActiveDir] enterprise-wide accounts Matjaž Ladava
- RE: [ActiveDir] enterprise-wide accounts Grillenmeier, Guido
