Hello, all!
We have an Active Directory Domain with multiple sites.
Following Task:
Group of users needs to administer Active Directory (Domain Admins rights only) with an exception - logons must be allowed only to 2 Domain controllers in one Site. Also must have full local administrator rights (drivers update, system update, etc) with
this contollers.
Buildin\Administrators group contains only Enterprise Admins group. However, membership in this group will give rights to every domain controller in the domain.
MVP | MCP Club lead, Moscow