Announcement

Collapse
No announcement yet.

delegation, allow DC logon

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • delegation, allow DC logon

    We're working on an Active directory plan.
    The company is multinational, and has administrators at each location.
    One of hte requirements is, each administrator must be an administrator of their region only. They must be able to log on to their local DCs only, and not the ones in the data centre, or other sites.

    Initially I thought.. "hey Group policy can do this" but hten i realised, all DCs exist in "Domain Controllers" so the one policy would apply. unless I filtered it to a specific server. THat means that we've then got 10 or 12 "localadmin" policies to apply and filter.. which becomes a bit of an overhead to manage.

    Any suggestions on how I could acheive this aim ?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

  • #2
    Re: delegation, allow DC logon

    One way to do and still maintain centralised management would be to use different AD sites and OU for each branch and delegate administration that way.

    One thing you need to plan carefully would be the replication traffic.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: delegation, allow DC logon

      we basically will be doing separate ous and sites, based on region.
      however - the only idea we can get is allow admins to logon by default, then hane an override for say china domain controller, so that only china can logon to it..
      the delegation of ou permissions is cool enough..

      thanks fory our suggestion
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment

      Working...
      X