Delegate Authority

Guest

I brought up the great idea of removing the help desk folks from the Domain
Admins group. I want to delegate certain roles to the HD folks by putting
them in a group named 'SupportAdmins' or something similar.

If I give this group add/remove group memberships for an OU, say
'Organization', which then has all the subOUs for the various departments, I
do NOT want the group inside the Organization OU, as they then have the ability to
kick each other out of the group or attempt to add the SupportAdmins group to
the Domain Admins group again, correct? (Someone before I got here moved the
DomAdm group to the Organization OU.)

In other words, should I make an OU outside of Organization named
'Delegates' and create the SupportAdmins group in there?
 
Domain Admins is protected from delegation with the AdminSDHolder
functionality; you can move that group into any OU you want and the delegation
in that OU will not allow someone to modify the group. However, it is best
practice to not delegate the OU holding high level IDs and groups to admins with
lesser rights.
 
You should delegate group membership control at some OU and then
have within that OU (or its subOUs) only the groups which you want to
allow those delegated to control (move the rest of the groups elsewhere).
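
One way to audit the layout recommended in the replies above, as an added example that is not part of the original thread: it lists groups that should not sit under the delegated OU and shows who can write the `member` attribute there. It assumes the ActiveDirectory module (RSAT) is installed; the DN `OU=Organization,DC=example,DC=com` is a placeholder, and `SupportAdmins` is the group name proposed in the question.

```powershell
# Added example, not code from the thread. Read-only audit; changes nothing.
Import-Module ActiveDirectory

$DelegatedOU   = 'OU=Organization,DC=example,DC=com'   # placeholder DN (assumption)
$DelegateGroup = 'SupportAdmins'                       # group name from the question
# schemaIDGUID of the 'member' attribute
$MemberAttr    = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'

# 1. Groups under the delegated OU (including sub-OUs) that should live elsewhere.
$delegateDN = (Get-ADGroup -Identity $DelegateGroup).DistinguishedName
$groups = Get-ADGroup -SearchBase $DelegatedOU -SearchScope Subtree `
                      -Filter * -Properties adminCount

$misplaced = foreach ($g in $groups) {
    if ($g.DistinguishedName -eq $delegateDN) {
        # Delegates could add or remove each other if their own group is in scope.
        [pscustomobject]@{ Group = $g.Name; DN = $g.DistinguishedName
                           Issue = 'Delegate group is inside its own delegated OU' }
    }
    elseif ($g.adminCount -eq 1) {
        # adminCount=1 marks objects stamped by AdminSDHolder/SDProp, e.g. Domain Admins.
        # The value can be stale on groups that are no longer protected, so review each hit.
        [pscustomobject]@{ Group = $g.Name; DN = $g.DistinguishedName
                           Issue = 'Protected group (adminCount=1) in delegated OU' }
    }
}

# 2. Allow ACEs on the OU that permit writing 'member'
#    (an empty ObjectType GUID means "all properties").
$acl = Get-Acl -Path "AD:\$DelegatedOU"
$memberWriters = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty) -and
    ($_.ObjectType -eq $MemberAttr -or $_.ObjectType -eq [guid]::Empty)
} | Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, IsInherited

'Groups to move out of the delegated OU:'
$misplaced     | Format-Table -AutoSize
"Principals able to write 'member' under ${DelegatedOU}:"
$memberWriters | Format-Table -AutoSize
```

An empty first table means the OU holds only groups that are safe to delegate; the second table should list the delegate group alongside the expected built-in administrators and nothing else.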
 