Removing Enterprise admin access on a particular domain in the same forest

  • Removing Enterprise admin access on a particular domain in the same forest

    Is there any way to remove Enterprise Admin access to a particular domain in the same forest?

    I know this is going against design, but for policy reasons, the domain must join the existing forest, but must be self-autonomous, and access must remain within the domain administrators of that domain. I know this sounds like a reversal of why join the forest in the first place. It's just stubborn policies and bureaucratic stuff. However, I know that the root forest administrators have admin privileges to any domain of the forest,

    is there any way to stop forest root admins from having admin privileges to a domain tree in the forest?

    or is this impossible by design?

    The domain tree I'm trying to stop Enterprise Admin access to is running Windows Server 2003 native

    and the forest root domain is running Windows Server 2000 mixed.

    Any help will be appreciated.

    Thanks!

  • #2
    Re: Removing Enterprise admin access on a particular domain in the same forest

    > is there any way to stop forest root admins from having admin privileges to a domain tree in the forest?

    > or is this impossible by design?

    It is impossible. The EA can always take ownership, or assign himself group membership through a site policy.
