For an administrator to admin a server which is Active Directoty domain controller like install/unistall software or stop/restart services, as on any other member server, the admin should be a Domain Administrator. However, this can be worked around.
The following procedure will allow you to make a standard Administrator and admin on the domain controller server wherein he can perform day to day administrations without any permissions to alter Active Directory like adding or deleting users.
This procedure required Acitve Directory is in Native Mode.
1. Logon to the Domain Controller as a Domain Admin and open Active Directory Users and Computers.
2. Right-click the Domain Name and select properties.
3. Click Security tab.
4. Add the standard admin users and set permissions for “Full Control” as “Deny”. This will disallow the admin users to even open “Active Directory Users and Computers”.
What would be even better is to create a group for standard admins (say srvradmins) and then add that user to the domain security and set permission as “deny”.
This will allow administrators to admin the server alone and disallow access to the Active Directory.
Incoming search terms:
- how to make a user a domain administrator in active directory domain (2)
- logon dc not domain admin (2)
- how to make user server operator on domain controller (1)
- logon to domain controller without domain admin (1)
- make somone an administraor of a domain controller (1)
- non adminstrator log on to 2008 domain controller (1)
- non-admin login into domain controller (1)
- non-domain admin account bind to domain (1)
- shutdown windows domain controller with a non domain admin account (1)
- access windows 2008 domain controller non domain admin account (1)