RE: [ActiveDir] When is a domain Admin not a domain Admin?

[joe]

Other than Hunter's extremely valid point, being a full admin of all AD objects does not imply you have all the rights of a DA. DAs are by default part of the domain's local admins group which is also not captured by having full control of all objects in AD but grants all sorts of permissions and "user rights" on DCs. Finally DAs don't have direct full control of all objects in AD, though as indicated by Hunter, this is easily remedied.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Monday, November 28, 2005 3:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] When is a domain Admin not a domain Admin? Well, if they truly have full control over all objects, then they could add themselves into the Domain Admins group. Moot point... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Morley, Scott Sent: Monday, November 28, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] When is a domain Admin not a domain Admin? All,   For reasons too long and boring to mention, I have been asked about the following scenario:   Create a regular normal everyday user Give that user full control over all objects in the domain The user is NOT part of the Domain Admins group     Does the membership of the domain Admins group provide some additional rights/functionality to a user?  Or is full access to all objects equivalent to domain admin rights?         Scott Morley Active Directory Manager MSCE 2000, CCNA, CNE, CNI   "Human beings, who are almost unique in  having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. " - Douglas Adams (1952-2001)   This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged. The information is intended only for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying or distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field.