MMC, Windows 2000 Server and Adding User to Remote Machine

[DavidNoack]

Hi,

Here is what I am trying to do.

I have a Windows 2000 server as a domain controller. I have a second
Windows 2000 server as another domain comptroller for replication
purposes. I would like to add a user to a Windows 2000 Professional
machine and delegate control over an organizational unit. The user can
log on to the domain. I decided to use MMC so the user from his
machine can perform some administrative functions.

I used MMC and picked Local Users and Groups snap-in and connected to
a remote machine. One there, I added the domain users to the local
administrator's group on the local machine. However, when I try to log
in to the Windows 2000 computer (local machine) as the user I just
gave access it, I'm prompted for a password. I did not assign any
password.

What I am a doing wrong?

Thanks,

David

 

[Ray Lava [MSFT]]

David,

I am not sure why you are are adding the domain users to the local
administrators group on the local machine. You should log onto the domain
controller as a domain administrator and then use AD Users and Computers to
delegate control of the OU to a domain user or group. Once this has been
done, you will want to install the adminpak.msi onto the domain user's
computer that had delegated privileges. Then that user should log onto his
W2K workstation and be able to open ADUC to remotely administer that OU.
Let me know if this does not make sense or if I have just misunderstood your
question.

This link gives you a more detailed description of how to enable delegation
with links to other KB articles:
http://support.microsoft.com/?id=315676

I hope this helps.

Ray Lava
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights