You need to log on with a domain administrator account to edit AD components. It is not related to UAC. When you logon with the normal
user and access AD via RSAT, server will authenticate your certificate. In domain it can be Kerberos or NTLM authentication. The authentication pack that is sent from your computer will only include the current logged on account. Then the access will be confirmed
as a low-privilege access.
↧