For an administrator to admin a server which is Active Directoty domain controller like install/unistall software or stop/restart services, as on any other member server, the admin should be a Domain Administrator. However, this can be worked around.
The following procedure will allow you to make a standard Administrator and admin on the domain controller server wherein he can perform day to day administrations without any permissions to alter Active Directory like adding or deleting users.
This procedure required Acitve Directory is in Native Mode.
1. Logon to the Domain Controller as a Domain Admin and open Active Directory Users and Computers.
2. Right-click the Domain Name and select properties.
3. Click Security tab.
4. Add the standard admin users and set permissions for “Full Control” as “Deny”. This will disallow the admin users to even open “Active Directory Users and Computers”.
What would be even better is to create a group for standard admins (say srvradmins) and then add that user to the domain security and set permission as “deny”.
This will allow administrators to admin the server alone and disallow access to the Active Directory.
Incoming search terms:
- non domain admin access domain controller (4)
- allow a non domain admin access to a domain controller (1)
- perms for a non-domain admin to logon to a domain controller (1)
- non-admin login to domain controller (1)
- non domain admins logon to DC (1)
- non domain admin logon to domain controller (1)
- non domain admin logon to 2008 domain controller (1)
- non admins install updates on dc (1)
- how to make a user a domain administrator (1)
- how to grant administrative rights on a ts 2008 to a non-domain admin (1)