Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Domain Admins vs Enterprise Admins

  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Admins vs Enterprise Admins

    Hi All,
    I searched the net for a about an hour and I could find any Info regarding my question.

    "I have one domain and one Forest" therefore please regard your Answers to my Situation and not for multi Domains.

    My question is Simple:
    can some one tell me or/and find me a good URL that could explain to me what Tasks could be done only by Enterprise Admin and could not be done by a Domain Admins?
    (if there is like a Chart that could compare and stuff it would be even better).

    in other words what tasks in the Directory I want to do I would have to log in with an Enterprise Admins member and Domain Admins Member would not be enough.

    I know there are some stuff that only Enterprise Admins could do even in a one Domain/Forest Environment ,e.g Domain Rename.
    Last edited by Akila; 5th February 2008, 13:24. Reason: added Q mark

  • #2
    Re: Domain Admins vs Enterprise Admins

    Enterprise admins are designated for the entire forest and domain admins are for specific domain only.

    Just have a look at the below article:

    Kapil Sharma
    Life is too short, Enjoy It.


    • #3
      Re: Domain Admins vs Enterprise Admins

      Enterprise Admins are the only group which can perform changes which relate directly to the forest and not an individual domain; there are very few of these tasks. For instance, Forest Prep for R2 or Exchange would need to be done by an Enterprise Admin. Creation of trust relationships between forests. Modifying the values of some object attributes/properties in AD. Creation of Terminal Services Licensing for the whole forest. Destruction of a child Domain or an entire forest. As a rule, if the Change you are planning to make would affect more than an individual domain, you will need Enterprise Admin access - and sometimes you may need Schema Admin access in addition to that.

      These tasks are extremely rarely carried out so you should only need Enterprise Admin access once in a blue moon...

      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you