Container Administration where you can block out Enterprise Admins

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I hope I am phrasing this right. In NDS (Netware) , you can have Container Admin's where they can "block" the Organizational Admin from browsing/changing Leaf Objects and Organizational Units
Is the same thing possible in Active Directory?
If so, can somebody point me to an article on how to do this

TIA

Sam Berry
 
Hi Samuel , Enterprise Admins are a very power full group, Members of this
group should be highly trusted within your organization. What I want to say
by this is don't think the way of restrict members of the Enterprise Admins
Group. If they are trusted to be in this group they actually suppose to be
enterprise admins, If you should be delegated for a specify OU or a specify
domain, then delegated them the required ability for them do to there work.
In your case use the Delegate Of Control Wizard to delegate rights to threes
users/administrators.

Step-by-Step Guide to Using the Delegation of Control Wizard:
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/delegsteps.asp



--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

Samuel Berry said:
I hope I am phrasing this right. In NDS (Netware) , you can have Container
Click to expand...
Admin's where they can "block" the Organizational Admin from
browsing/changing Leaf Objects and Organizational Units.
 
Not really. In theory you can take away the Admins (and EA) permissons
but they have enough power to take it back, or create a user that has
the power anyway.

If you cannot trust these people, then you have no security.

--
Herb Martin
Samuel Berry said:
I hope I am phrasing this right. In NDS (Netware) , you can have Container
Click to expand...
Admin's where they can "block" the Organizational Admin from
browsing/changing Leaf Objects and Organizational Units.
 
Back
Top