Enterprise admin group

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am a member of the "Enterprise Admins group" But appear to only have
authority in the root domain. I can manage sub domains DC's but have no
authority on sub domains member computers. I need to be the "Administrator"
for all domains. The previous domain admin had a local account to each
domain. I don't believe this is the solution. Any ideas would be most
appreciated.

Thanks in advance
3 answers Last reply
More about enterprise admin group
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    All of the Domain Admin groups are "Global" groups. I can't add the
    Enterprise admins group nor any other "non-local" accounts or groups to them.

    "Jon" wrote:

    > I am a member of the "Enterprise Admins group" But appear to only have
    > authority in the root domain. I can manage sub domains DC's but have no
    > authority on sub domains member computers. I need to be the "Administrator"
    > for all domains. The previous domain admin had a local account to each
    > domain. I don't believe this is the solution. Any ideas would be most
    > appreciated.
    >
    > Thanks in advance
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    For the Enterprise Admin permissions to flow effectively throughout the
    forest you must ensure that the Enterprise Admins group is a member of the
    domain admins group in each domain. Furthermore, you must have the local
    domain admins group as a member of the local administrators group on each
    domain member. You can use Group Policies Restricted Groups setting to
    enforce the latter.

    "Jon" <Jon@discussions.microsoft.com> wrote in message
    news:98AEBAA1-C4BC-4119-8401-31B3E2F75652@microsoft.com...
    >I am a member of the "Enterprise Admins group" But appear to only have
    > authority in the root domain. I can manage sub domains DC's but have no
    > authority on sub domains member computers. I need to be the
    > "Administrator"
    > for all domains. The previous domain admin had a local account to each
    > domain. I don't believe this is the solution. Any ideas would be most
    > appreciated.
    >
    > Thanks in advance
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    You need to add yourself to the domain admins group in each domain.

    The domain admins group should be a member of the local administrators group
    for all domain members (domain-specific mind, hence the reason you need to
    be a member of each domain's domain admins group).

    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/

    "Jon" <Jon@discussions.microsoft.com> wrote in message
    news:3CD42DC0-B990-48BA-B6DB-8BBC476028BF@microsoft.com...
    All of the Domain Admin groups are "Global" groups. I can't add the
    Enterprise admins group nor any other "non-local" accounts or groups to
    them.

    "Jon" wrote:

    > I am a member of the "Enterprise Admins group" But appear to only have
    > authority in the root domain. I can manage sub domains DC's but have no
    > authority on sub domains member computers. I need to be the
    > "Administrator"
    > for all domains. The previous domain admin had a local account to each
    > domain. I don't believe this is the solution. Any ideas would be most
    > appreciated.
    >
    > Thanks in advance
    >
Ask a new question

Read More

Domain Enterprise Active Directory Windows