Sign in with
Sign up | Sign in
Closed

Add One Windows Server 2012 Domain User to Domain Admins Group

This Tutorial addresses:
  • Domain
  • Windows Server
Unlike the process of promoting a standard (non-administrator) user account to local administrator of a workgroup computer, the process of promoting a domain user to a domain administrator is a bit simpler and very straightforward. However before you promote a domain user to a domain administrator, make sure that the user who uses the account is trustworthy, and ensure that the account and its privileges would not be misused in any way.

If you are promoting a domain user to a domain administrator just to allow the user to perform some administrative tasks, it is recommended that you use the Delegation of Control feature that the Windows Server 2012 provides. By using the delegation, you can allow a standard domain user to perform a few administrative tasks without adding the account to any administrative group, and granting unnecessary privileges that can be misused because of ignorance or bad intentions.

However, you can still add the domain user to the Domain Admins group if needed.

Here is how you can add a particular Windows Server 2012 Active Directory domain user to Domain Admins group in order to allow him to get all the domain administrator privileges:

  1. Log on to the Windows Server 2012 Active Directory domain controller with the Enterprise Admin or Domain Admin account credentials.

  2. If not already started, initialize the Server Manager window from the bottom left corner of the screen.

  3. On the opened Server Manager window, go to the Tools menu from the menu bar.

  4. From the displayed list, click Active Directory Users and Computers.



  5. On the opened Active Directory Users and Computers snap-in, from the left pane, expand the current domain name. (MYDOMAIN.COM for this demonstration.).

  6. From the expanded tree, locate the target OU that contains the domain user account that you want to promote to the domain admin.

  7. Once located, from the right pane, right-click the target user account. (User-01 for this demonstration.).

  8. From the displayed context menu, click Add to a group.



  9. On the opened Select Groups box, in the Enter the object names to select list, type
    Domain Admins and click the Check Names button.



  10. Once the group name is verified, click OK.

  11. On the displayed Active Directory Domain Services information box, click OK to acknowledge the successful completion of the task.

  12. If the User-01 is logged on, log off the account from the computer, and log back in in order to use the account with the domain administrator privileges.

    Can't find your answer ? Ask !