Now that we're beyond the technical specs... does anyone else cringe at the idea of granting domain admin privileges to satisfy local administrative rights privileges to machines?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, June 27, 2005 5:31 PM To: [email protected] Subject: Re: [ActiveDir] Domain Admins Group Membership Juan, You won't be able to add users from another domain to the Domain Admins group. The Domain Admins group is a global group, and rules for Globals Groups are that they can contain users from the domain in which the global group was created. By that rule, only users of Domain A may be members of the Domain Admins group of Domain A. However, IIRC, the Administrators group is a special group or a Domain Local group, and will allow the add of users from Domain B. Rick > > From: "Ibarra, Juan" <[EMAIL PROTECTED]> > Date: 2005/06/27 Mon AM 11:24:58 EDT > To: <[email protected]> > Subject: [ActiveDir] Domain Admins Group Membership > > Hi, > > > > I need to add certain users from domain B, Win 2000 Domain, to the > Domain Admins group of Domain A, Windows 2003 Domain. There is a two > way trust between the two domains; however, I don't seem to find the way > to do this. I am able to add users to shares but not the group. > > > How could I accomplish this? > > > > Thanks, > > Juan > > > > > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
