Read the AD Delegation WP from MS. There is also one we used for Exchange, the name of it escapes me. Think about investing in a 3rd party tool if at all possible. We run a >20K seat environment with 3 Domain Admins, no Account or Server Ops. I know a guy who ran a Fortune 5 global company with similar numbers. They had 3 guys who were Enterprise/Domain admins..3

From: David Lum [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 19, 2008 2:36 PM
To: NT System Admin Issues
Subject: Step-by-step for removing domain admins & delegating

I have some users I need to pull out of being Domain Administrators, but they still need to be able to create / administer AD and Exchange accounts, remote desktop to the PCs, blah blah blah.

While I can always iteratively step through these, has anyone done the same kind of thing and have a guideline I can look at before I run through everything step by step? Granted, all environments are different, but if I can get some of the basics covered...

I need to come up with documentation and get approval before actually making the change.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
