I might go so far as to create a new account for the consultant. Inform the consultant to only use the new account when they need to perform the work on the two servers. A new account will allow you to audit their work and also watch for "creep". Also, do not give the elevated account e-mail or anything like so that there is no way those servers can pick up anything like a virus or spyware.
Dan > -------- Original Message -------- > Subject: [ActiveDir] Domain Admin > From: "Patrick" <[EMAIL PROTECTED]> > Date: Tue, January 09, 2007 10:19 pm > To: <ActiveDir@mail.activedir.org> > > I have a consultant that is asking for domain admin rights on 2 member > servers. I have google it but nothing seems to work out right. The servers > are on the domain but the consultant just has a domain user account. He can > logon on to the servers while they are on the domain but the administrative > tools is not there (as it should). I want to creat an OU and put the two > machines in that ou and delegate control to the consultants domain user > account. Any other way to do this without registry hacks or scripts? All > assistance welcomed List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
