Sign in with
Sign up | Sign in
Your question

Enterprise admin group

Last response: in Windows 2000/NT
Share
January 5, 2005 12:49:04 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am a member of the "Enterprise Admins group" But appear to only have
authority in the root domain. I can manage sub domains DC's but have no
authority on sub domains member computers. I need to be the "Administrator"
for all domains. The previous domain admin had a local account to each
domain. I don't believe this is the solution. Any ideas would be most
appreciated.

Thanks in advance

More about : enterprise admin group

January 5, 2005 1:53:01 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

All of the Domain Admin groups are "Global" groups. I can't add the
Enterprise admins group nor any other "non-local" accounts or groups to them.

"Jon" wrote:

> I am a member of the "Enterprise Admins group" But appear to only have
> authority in the root domain. I can manage sub domains DC's but have no
> authority on sub domains member computers. I need to be the "Administrator"
> for all domains. The previous domain admin had a local account to each
> domain. I don't believe this is the solution. Any ideas would be most
> appreciated.
>
> Thanks in advance
>
Anonymous
January 5, 2005 9:21:25 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

For the Enterprise Admin permissions to flow effectively throughout the
forest you must ensure that the Enterprise Admins group is a member of the
domain admins group in each domain. Furthermore, you must have the local
domain admins group as a member of the local administrators group on each
domain member. You can use Group Policies Restricted Groups setting to
enforce the latter.

"Jon" <Jon@discussions.microsoft.com> wrote in message
news:98AEBAA1-C4BC-4119-8401-31B3E2F75652@microsoft.com...
>I am a member of the "Enterprise Admins group" But appear to only have
> authority in the root domain. I can manage sub domains DC's but have no
> authority on sub domains member computers. I need to be the
> "Administrator"
> for all domains. The previous domain admin had a local account to each
> domain. I don't believe this is the solution. Any ideas would be most
> appreciated.
>
> Thanks in advance
>
Anonymous
January 6, 2005 12:03:17 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

You need to add yourself to the domain admins group in each domain.

The domain admins group should be a member of the local administrators group
for all domain members (domain-specific mind, hence the reason you need to
be a member of each domain's domain admins group).

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"Jon" <Jon@discussions.microsoft.com> wrote in message
news:3CD42DC0-B990-48BA-B6DB-8BBC476028BF@microsoft.com...
All of the Domain Admin groups are "Global" groups. I can't add the
Enterprise admins group nor any other "non-local" accounts or groups to
them.

"Jon" wrote:

> I am a member of the "Enterprise Admins group" But appear to only have
> authority in the root domain. I can manage sub domains DC's but have no
> authority on sub domains member computers. I need to be the
> "Administrator"
> for all domains. The previous domain admin had a local account to each
> domain. I don't believe this is the solution. Any ideas would be most
> appreciated.
>
> Thanks in advance
>
!