Hi Geeks,
I have a domain controller in a sep ad site which is connected to HO by a vpn. we created a user and assign the user domain admin,ent admin rights so that the administrator in the site can use this user to install the dc and exchange. Now the dc and exchange is running fine.
now to the issue i want to remove the ent admin and domain admin rights to the user account so that i dont want the admins in the site be able to configure or change the entire domain config i want them to only manage the dc and their user/pc objects which are in the site and should not access/change anything in any other sites or the entire domain.
same with the exchange the account was used to set up exchange and now i want to remove the rights (exchange ent admin ) and delegate the rights for that user only to manage the paticular admin group in which their servers reside. but if i delegate the rights iam worried it will override the default permissions assigned during the setup process and will stop the exchange services somebody confirm this please.
if i remove the user from domain admin group i want the user to be able to login to that particular dc (which i think is not possible ) need to check any other workaround for this and to manage only the objects which belong to their site.
if i delegate the rights for an OU if the dc is also in the same ou can the delegated user login to the dc and manage the dc ?
please give me a apt solution for the above
thanks in advance.
I have a domain controller in a sep ad site which is connected to HO by a vpn. we created a user and assign the user domain admin,ent admin rights so that the administrator in the site can use this user to install the dc and exchange. Now the dc and exchange is running fine.
now to the issue i want to remove the ent admin and domain admin rights to the user account so that i dont want the admins in the site be able to configure or change the entire domain config i want them to only manage the dc and their user/pc objects which are in the site and should not access/change anything in any other sites or the entire domain.
same with the exchange the account was used to set up exchange and now i want to remove the rights (exchange ent admin ) and delegate the rights for that user only to manage the paticular admin group in which their servers reside. but if i delegate the rights iam worried it will override the default permissions assigned during the setup process and will stop the exchange services somebody confirm this please.
if i remove the user from domain admin group i want the user to be able to login to that particular dc (which i think is not possible ) need to check any other workaround for this and to manage only the objects which belong to their site.
if i delegate the rights for an OU if the dc is also in the same ou can the delegated user login to the dc and manage the dc ?
please give me a apt solution for the above
thanks in advance.