Announcement

Collapse
No announcement yet.

AD Sites and Services Administration

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Sites and Services Administration

    What level Administrator does a user need to be to be able to modify AD sites and services? Things like subnets, NTDS settings, etc?

    Also can you delegate control of certain sites and subnets to a user in a subdomain?

  • #2
    Re: AD Sites and Services Administration

    Domain or Enterprise Admin is needed

    You can delegate control of a site: http://technet.microsoft.com/en-us/l...(v=ws.10).aspx
    IIRC this lets you work with subnets within the site
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: AD Sites and Services Administration

      Domain admin at the forest level? Or domain admin within my sub-domain? Where on technet is this published?

      Comment


      • #4
        Re: AD Sites and Services Administration

        Sites and Services are defined within a domain, so domain admin for the domain you are ine

        If you follow the link I posted (to Technet) and look at the navigation bar on the left hand side, you will get more background
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: AD Sites and Services Administration

          Enterprise Admins (and their members) in the Forest root domain (the first domain created in the Forest) have Full control access to all objects in ADS&S. Domain Admins in each child domain have Full controll access to their respective servers in ADS&S. Domain Admins in the Forest root domain have various levels of access to subnets that have been created.

          You can get a feel for the permissions by looking at the Security tab of the properties of the various objects in ADS&S.

          Comment


          • #6
            Re: AD Sites and Services Administration

            So if I am Domain Admin for acb1.abc.com subdomain, and I do not have access to any of my subdomain sites or subnets, an admin at the forest level has modified this?

            Comment


            • #7
              Re: AD Sites and Services Administration

              An Administrator (in the Domain Admins group) in a child domain cannot create Sites or Subnets in ADS&S. They also cannot modify any setting of other servers unless they are servers from the child domain in question.

              Comment

              Working...
              X