Child domain - Global group permissions

Archived from groups: microsoft.public.win2000.security (More info?)

I am having a problem assigning Domain Admin privileges in child domain. I
have normal user accounts in a parent domain that need Domain Admin
privileges in a child domain. Apparently by-design, this can't be done,
since the domain admins group is a global group.

Is there a work around or magic that will accomplish the same?

Rob
1 answer Last reply
More about child domain global group permissions
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Microsoft's recommendation for permission delegations is "AGDLP"

    This means you put _A_ccount to _G_lobal Group. You should place Global
    group to (Domain) _L_ocal group and assign permission to it...

    To put it another way. Create new Domain Local group and add Global group
    from other domain. Assign permissions to your resource using newly created
    Domain Local group...

    I hope this helps,

    Mike

    "Rob" <rob john@hmmausa.com> wrote in message
    news:OxWtOMXeEHA.556@tk2msftngp13.phx.gbl...
    > I am having a problem assigning Domain Admin privileges in child domain.
    I
    > have normal user accounts in a parent domain that need Domain Admin
    > privileges in a child domain. Apparently by-design, this can't be done,
    > since the domain admins group is a global group.
    >
    > Is there a work around or magic that will accomplish the same?
    >
    > Rob
    >
    >
Ask a new question

Read More

Security Permissions Domain User Accounts Microsoft Windows