Guest eanderso Posted February 15, 2008 Posted February 15, 2008 I hope this is an easy one - I have a single forest with multiple domains. I would like to have a single signon to administer all of the domains in the forest. All the domains are 2003 fuctional level. I can create a group in domain A and add it to the Enterprise admin group on the forest root but I cannot add any users or groups from the forest root domain to the domain admin groups in the child domains. Any thoughts?
Guest Marcin Posted February 15, 2008 Posted February 15, 2008 Re: Authenticating across multiple domains in the smae forest Enterprise Admins is a universal group, which is automatically added to local Administrators group in each domain of the forest. Simply add users who need to have forest-wide admin privileges directly to it... hth Marcin
Guest eanderso Posted February 15, 2008 Posted February 15, 2008 Re: Authenticating across multiple domains in the smae forest That gets me half way there. I can administer DC but not member servers. I need both abilities. Erik "Marcin" wrote: > Enterprise Admins is a universal group, which is automatically added to > local Administrators group in each domain of the forest. Simply add users > who need to have forest-wide admin privileges directly to it... > > hth > Marcin >
Guest Ryan Hanisco Posted February 16, 2008 Posted February 16, 2008 Re: Authenticating across multiple domains in the smae forest In that case, you would need to add the enterprise admins group to the local admins group on each server. You might look at using Restricted Groups GPOs to add this to the local machines. -- Ryan Hanisco MCSE, MCTS: SQL 2005, Project+ http://www.techsterity.com Chicago, IL Remember: Marking helpful answers helps everyone find the info they need quickly. "eanderso" wrote: > That gets me half way there. I can administer DC but not member servers. I > need both abilities. > > Erik > > "Marcin" wrote: > > > Enterprise Admins is a universal group, which is automatically added to > > local Administrators group in each domain of the forest. Simply add users > > who need to have forest-wide admin privileges directly to it... > > > > hth > > Marcin > >
Recommended Posts