Domain Member Administration


esecureae

Hi group
I have an AD Domain environment in which there are multiple member
servers running services like SQL, Exchange, file server etc., a total of
20 member servers. There are at least 2 administrators for each
service. Currently we have given domain administrator privileges to
all the administrators. In this case all the administrators have full
control on all the servers. We want to restrict the administrators to
administer only the servers that they are responsible for. Is there a
way I can group the servers and the administrators so that we can
minimise the number of domain administrators?
 
esecureae said:
> Hi group
> I have an AD Domain environment in which there are multiple member
> servers running services like SQL, Exchange, file server etc., a total of
> 20 member servers. There are at least 2 administrators for each
> service. Currently we have given domain administrator privileges to
> all the administrators. In this case all the administrators have full
> control on all the servers.

Why did you do that? What was the purpose?

> We want to restrict the administrators to
> administer only the servers that they are responsible for.

So take them out of the Domain Admins groups and put
them in the machine Administrator groups on only their
respective machines.

> Is there a
> way I can group the servers and the administrators so that we can
> minimise the number of domain administrators?

Probably best is to build a Global group on the domain for
each Server, or type of service where admins should have
control across multiple servers. Put the "service admins"
only in the correct respective groups.

Place these groups in the local Administrators group on
the respective servers.

If you change a Global group, it will just change it on
the respective servers auto-magically.

KEY:
Think of Global Groups as Groups of Users
Think of Local groups (especially on Domains) as being
for a "class or group of resources".

Sometimes I say, local groups are for a "pattern of access"
to a "collection of resources."

Global user/Local resources.
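
The global-group-into-local-Administrators layout suggested in the reply above, scripted as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory module, PowerShell remoting to the member servers, and PowerShell 5.1 on them; the domain, OU, server, group and account names are all hypothetical.

```powershell
# Added example: every domain, OU, server, group and account name here is hypothetical.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'   # halt on any failure so step 3 never runs after a failed step 2

$Domain  = 'CONTOSO'                                   # assumed NetBIOS domain name
$GroupOU = 'OU=Server Admin Groups,DC=contoso,DC=com'  # assumed OU for the new groups

# One entry per service: the servers it runs on and the admins responsible for it.
$Services = @(
    @{ Name = 'SQL';      Servers = 'SQL01','SQL02';   Admins = 'alice','bob'  }
    @{ Name = 'Exchange'; Servers = 'EXCH01','EXCH02'; Admins = 'carol','dave' }
    @{ Name = 'File';     Servers = 'FS01';            Admins = 'erin','frank' }
)

foreach ($svc in $Services) {
    $group  = "GG-$($svc.Name)-ServerAdmins"
    $member = "$Domain\$group"

    # 1. Global group = "group of users". Create it if missing, then add absent members.
    if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
        New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $GroupOU
    }
    $current = (Get-ADGroupMember -Identity $group).SamAccountName
    $toAdd   = $svc.Admins | Where-Object { $_ -notin $current }
    if ($toAdd) { Add-ADGroupMember -Identity $group -Members $toAdd }

    # 2. Put the global group in the local Administrators group on its servers only.
    Invoke-Command -ComputerName $svc.Servers -ScriptBlock {
        $present = Get-LocalGroupMember -Group 'Administrators' -Member $using:member `
                       -ErrorAction SilentlyContinue
        if (-not $present) {
            Add-LocalGroupMember -Group 'Administrators' -Member $using:member
        }
    }

    # 3. The service admins no longer need domain-wide rights.
    $inDA = (Get-ADGroupMember -Identity 'Domain Admins').SamAccountName
    $toRemove = $svc.Admins | Where-Object { $_ -in $inDA }
    if ($toRemove) {
        Remove-ADGroupMember -Identity 'Domain Admins' -Members $toRemove -Confirm:$false
    }
}

# Review who still holds Domain Admins after the change.
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object Name, SamAccountName
```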
 