How to make a Non Domain Aministrator an admin on the Domain Controller server
If you're new here, you may want to subscribe to Windows Reference RSS feed Thanks for visiting!
For an administrator to admin a server which is Active Directoty domain controller like install/unistall software or stop/restart services, as on any other member server, the admin should be a Domain Administrator. However, this can be worked around.
The following procedure will allow you to make a standard Administrator and admin on the domain controller server wherein he can perform day to day administrations without any permissions to alter Active Directory like adding or deleting users.
This procedure required Acitve Directory is in Native Mode.
1. Logon to the Domain Controller as a Domain Admin and open Active Directory Users and Computers.
2. Right-click the Domain Name and select properties.
3. Click Security tab.
4. Add the standard admin users and set permissions for “Full Control” as “Deny”. This will disallow the admin users to even open “Active Directory Users and Computers”.
What would be even better is to create a group for standard admins (say srvradmins) and then add that user to the domain security and set permission as “deny”.
This will allow administrators to admin the server alone and disallow access to the Active Directory.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically each day to your feed reader.
No comments yet.
Leave a comment
Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>