Windows Server 2008 R2 Thread, Setting up extra admin accounts in Technical; At the moment all our team are using the default 'Administrator' account to access the servers, change file permissions and ...
7th March 2013, 11:35 AM #1
Setting up extra admin accounts
At the moment all our team are using the default 'Administrator' account to access the servers, change file permissions and so on.
My aim is to have individual named admin accounts for each member of the team for proper auditing purposes and so on.
What I have done is created a 'Admin users' OU and then selected the built in Administrator account and used the 'Copy' function several times to create the new custom admin user accounts. The theory being they would pick up all the same permissions as the Administrator account.
However, it isn't working properly!
They can't seem to create user accounts in Active Directory using our custom CSV import script and every time they try to access stuff on the file server they get 'You need permission...presss OK to get permission' which does give them permission but adds an entry for their user account to the ACL which gets a bit messy and they should already have access as 'Domain Admins' have full control to the folders and files and they are in the 'Domain Admins' group!
Does anyone have any clue what I'm doing wrong? It all seemed so simple!
7th March 2013, 11:53 AM #2
I've never done it but I thought it would have been a case of creating a new user and making that user a member of the "Administrators" group under "builtin"
The same goes for other groups.
7th March 2013, 11:57 AM #3
Put them in the "Domain Admins" group.
(Compare the group memberships between a working and non working one)
8th March 2013, 03:52 AM #4
also look at the file / folder permissions. If the permissions are set to allow the administrator vs Administrators or Domain Admins, you will get this.
Change the file / folder permissions to reflect the group and not the user.
For AD as long as they are in the domain admins group they should be able to do anything. You could also look at the delegation of control wizard to assign specific roles to them without making them a domain admin.
6th July 2013, 04:14 AM #5
I know this is an old thread, but please don't just put a large group of people in "Domain Admins". Create a domain security group, put those people in it and then add that group to the local administrators group on each server that they need to manage. Even then, only if they really need full admin rights on those servers.
By tosca925 in forum General Chat
Last Post: 21st November 2011, 05:39 PM
By Gavinc in forum Windows
Last Post: 18th December 2008, 09:32 PM
By firefox_2006 in forum How do you do....it?
Last Post: 19th May 2008, 01:30 PM
By Kyle in forum Wireless Networks
Last Post: 19th January 2007, 12:06 PM
By tickmike in forum How do you do....it?
Last Post: 8th September 2006, 09:50 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)