Restrict Active Directory access


I need to implement 1 additional DC in 1 of our branches. I want to give local administrator privilege on the ADC to support in the branch. I do not want to give him access to Active Directory users, computers. How is this possible?

There is no "local admin privilege" limited to an individual DC unless you are referring to an RODC (as Florian has pointed out). Even then, though, the resulting account is an AD domain account - not a local account.

The account you are referring to does exist - it's the DSRM admin account - but giving its credentials to support staff is not what you want - since it leaves AD vulnerable to exploit/damage.

So, in short, you should reconsider your goals - since whatever you are asking for is not implementable.

hth
marcin





