For an administrator to admin a server which is Active Directoty domain controller like install/unistall software or stop/restart services, as on any other member server, the admin should be a Domain Administrator. However, this can be worked around.
The following procedure will allow you to make a standard Administrator and admin on the domain controller server wherein he can perform day to day administrations without any permissions to alter Active Directory like adding or deleting users.
This procedure required Acitve Directory is in Native Mode.
1. Logon to the Domain Controller as a Domain Admin and open Active Directory Users and Computers.
2. Right-click the Domain Name and select properties.
3. Click Security tab.
4. Add the standard admin users and set permissions for “Full Control” as “Deny”. This will disallow the admin users to even open “Active Directory Users and Computers”.
What would be even better is to create a group for standard admins (say srvradmins) and then add that user to the domain security and set permission as “deny”.
This will allow administrators to admin the server alone and disallow access to the Active Directory.
Incoming search terms:
- Domain Admins (2)
- Access to domain controllers for non-Domain admins (1)
- windows 7 how to create non domain user (1)
- windows 2003 контроллер домена remote registry (1)
- setting up non interactive domain admin service account (1)
- non administrator users без AD (1)
- non admin log into ad controller (1)
- make a non admin an admin windows 8 (1)
- logon to domain controlller with non admin user (1)
- how to allow non domain admin service account scan domain controller (1)