|
Ok, I’ve always been confused on this issue- It is my understanding that a domain admin only has rights
on the domain naming context of his/her domain in AD and not the config or schema contexts. If this is so, how can I delete a dc thru AD sites and
Services or ntdsutil? Isn’t this in the config
partition? Is ther a good document that specicifes all the rights a domain admin has to ad as opposed
to say, and enterprise admin? Or do I need to parse thru the SDDL in the Schema
to find this? Thanks. I know this is basic, so my apologies to the group. |
