domain admin group of parent domain is NOT a member domain..

[TJ]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We have a windows 2000 active directory network in mixed mode. We have one
forest with one parent domain and just recently added one child domain.

My problem is that the domain admins in the parent domain are NOT a member
or are not domain admins of the child domain.

I need help on troubleshooting this issue. Any suggestions, tools to use
etc. is much appreciated.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

What is your goal here? If it's just to have the parent domain admins have
the admin role in your child domain you should just be able to add them. In
your child domain Users OU, you'll see domain admins. Just go to properties
on this, click the dropdown and select your parent domain admins group.

AJ, MCSE


"TJ" wrote:

> We have a windows 2000 active directory network in mixed mode. We have one
> forest with one parent domain and just recently added one child domain.
>
> My problem is that the domain admins in the parent domain are NOT a member
> or are not domain admins of the child domain.
>
> I need help on troubleshooting this issue. Any suggestions, tools to use
> etc. is much appreciated.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

A.J. has this right on. Just to add, you shouldn't expect that the
parent domain's admins will propagate down to the child domain. That's
what the Enterprise Domain group is for, as that is forest-wide. So
don't worry that anything is misconfigured. This is what is supposed to
happen.

Take care.
_______________
Steve Athanas
MCSE (2003)

A. J. Davis wrote:
> What is your goal here? If it's just to have the parent domain admins have
> the admin role in your child domain you should just be able to add them. In
> your child domain Users OU, you'll see domain admins. Just go to properties
> on this, click the dropdown and select your parent domain admins group.
>
> AJ, MCSE
>
>
> "TJ" wrote:
>
>
>>We have a windows 2000 active directory network in mixed mode. We have one
>>forest with one parent domain and just recently added one child domain.
>>
>>My problem is that the domain admins in the parent domain are NOT a member
>>or are not domain admins of the child domain.
>>
>>I need help on troubleshooting this issue. Any suggestions, tools to use
>>etc. is much appreciated.
>>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"TJ" <TJ@discussions.microsoft.com> wrote in message
news:A469B4FB-B22B-43DC-99EC-E532F2E0E7DF@microsoft.com...
> We have a windows 2000 active directory network in mixed mode. We have
one
> forest with one parent domain and just recently added one child domain.
>
> My problem is that the domain admins in the parent domain are NOT a member
> or are not domain admins of the child domain.
>
> I need help on troubleshooting this issue. Any suggestions, tools to use
> etc. is much appreciated.

[Same as what the other two responders said,
with this addition.]

The parent admins are NOT expected to be
admins of other domains UNLESS the parent
is THE ROOT FOREST domain -- then they
get the privileges by being Enterprise Admins.


--
Herb Martin


>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi, Herb:

I think that that is only true if you have placed the root domain's
admins in the Enterprise Admins group.

In my experience, only the actual "Administrator" account has the
automatic enterprise admin credential.

Then again, I've had a long day, and could be wrong. Off to test it in
VM-land.

__________________
Steve Athanas
MCSE (2003)

Herb Martin wrote:
> "TJ" <TJ@discussions.microsoft.com> wrote in message
> news:A469B4FB-B22B-43DC-99EC-E532F2E0E7DF@microsoft.com...
>
>>We have a windows 2000 active directory network in mixed mode. We have
>
> one
>
>>forest with one parent domain and just recently added one child domain.
>>
>>My problem is that the domain admins in the parent domain are NOT a member
>>or are not domain admins of the child domain.
>>
>>I need help on troubleshooting this issue. Any suggestions, tools to use
>>etc. is much appreciated.
>
>
> [Same as what the other two responders said,
> with this addition.]
>
> The parent admins are NOT expected to be
> admins of other domains UNLESS the parent
> is THE ROOT FOREST domain -- then they
> get the privileges by being Enterprise Admins.
>
>