Hello again - here is a 'short form' answer to your questions:

I confirm the Domain Administrators group is granted full permissions on the 
various naming contexts for the purposes of administration: for example, to 
restore deleted objects, as well as to grant replication permissions for other 
accounts.

I will visit this in depth, and will follow up with my findings.

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606

From: Bill Wesse
Sent: Tuesday, September 22, 2009 12:48 PM
To: '[email protected]'
Cc: '[email protected]'
Subject: SRX090922600157 : [MS-ADTS] 7.1.1.1 Naming Contexts Domain Admins 
Permissions

Good day Nadya (please let me know if I am using your name correctly)!

I have created case SRX090922600157, in order to track our work concerning your 
questions (shown below). Hopefully, we have not missed anything you are 
enquiring after.

1. Why are the domain admins also provided full permissions if not needed for 
replication?
2. Is this for the administrative purposes only?

7.1.1.1.2 Config NC Root
7.1.1.1.3 Schema NC Root
7.1.1.1.4 Domain NC Root
In order for D2 to replicate the NC, D2 must be granted the following rights on 
the NC root...


Regards,
Bill Wesse

_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
