locked
Administrator Account RRS feed

  • Question

  • As per Microsofts suggestion, I have created a copy of the built-in Administrator account, however using the account on a RODC it has limited access for installing programs, copying files etc.
    In active directory I have copied the administrator account, so all group membership and access are the same.

    Any suggestions how to correct the problem?

     
    Thursday, February 12, 2009 7:57 PM

Answers

  • Hi,

    You may have to explicitly delegate rights on the RODC for this administrator account you have created. RODCs work on a somewhat new administration model called Administrator Role Separation (ARS) wherein certain administrative tasks can be delegated to other administrators without giving domain admin privileges.

    For example, you have a branch office with a site administrator, previously, if you install a DC on that site and you grant admin rights to the site administrator on this new DC you are effectively granting him domain admin rights (which may not be what you really want). However, if you install an RODC and delegate administrative rights for the site administrator on this RODC, his rights are only limited on the RODC alone (installing patches, creating shares, etc).

    You can find more info regarding ARS here: http://technet.microsoft.com/en-us/library/cc753170.aspx.

    Regards,

    Salvador Manaois III
    C|EH MCSE MCSA MCITP | Enterprise & Server Admin
    Bytes & Badz : http://badzmanaois.blogspot.com
    • Proposed as answer by David Shen Friday, February 13, 2009 10:49 AM
    • Marked as answer by David Shen Tuesday, February 17, 2009 3:37 AM
    Friday, February 13, 2009 5:40 AM