Setting up extra admin accounts

[googlemad]

At the moment all our team are using the default 'Administrator' account to access the servers, change file permissions and so on.

My aim is to have individual named admin accounts for each member of the team for proper auditing purposes and so on.

What I have done is created a 'Admin users' OU and then selected the built in Administrator account and used the 'Copy' function several times to create the new custom admin user accounts. The theory being they would pick up all the same permissions as the Administrator account.

However, it isn't working properly!

They can't seem to create user accounts in Active Directory using our custom CSV import script and every time they try to access stuff on the file server they get 'You need permission...presss OK to get permission' which does give them permission but adds an entry for their user account to the ACL which gets a bit messy and they should already have access as 'Domain Admins' have full control to the folders and files and they are in the 'Domain Admins' group!

Does anyone have any clue what I'm doing wrong? It all seemed so simple!

[Gaz]

I've never done it but I thought it would have been a case of creating a new user and making that user a member of the "Administrators" group under "builtin"
The same goes for other groups.

[kmount]

Put them in the "Domain Admins" group.

(Compare the group memberships between a working and non working one)

[dana_lehman]

also look at the file / folder permissions. If the permissions are set to allow the administrator vs Administrators or Domain Admins, you will get this.

Change the file / folder permissions to reflect the group and not the user.

For AD as long as they are in the domain admins group they should be able to do anything. You could also look at the delegation of control wizard to assign specific roles to them without making them a domain admin.