Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2003 can't use 2000 domain Administrators group?

Status
Not open for further replies.
GremlinHunter

GremlinHunter

Programmer
Sep 13, 2006
22
US
We have several 2003 servers connected to our 2000 domain. Problem I am having is that I can not assign the Domain Administrators Group to anything in 2003. I can find the Local Administrators Group and thats it. Also, under Remote Desktop Users in 2003 there is a note that "Administrators group can connect even if thery are not listed". But no one under the Domain Administrators group can connect even though Adminstrators is in Local Policy->"Allow log on through Terminal Services". Does this just apply to the Local Adminsitrators group and not a Domain Administrators group?

As it is it looks like I have to either create a new group for administrative tasks on 2003 or replace the 2000 Domain Administrators group with one under a different name. Am I just overlooking something simple?
 
Sort by date Sort by votes
Domain Admins group will become a member of local Administrators group of a computer, once you join the computer to the domain.

What is the error you get when you try to add/assign permissions to Domain Admins group?

-Keshav
 
Upvote 0 Downvote
I overlooked the Domain Admins group. I was trying to distinguish between the Local Administrators group on the 2003 server and the Administrators group on the 2000 domain. Interesting, Domain Admins is a member of Administrators on the 2000 domain.

As it is none of the admin users on the 2000 domain are using Domain Admin group just Administrators group. I see what you mean about Domain Admins being added into the Local Administrators on the 2003 boxes though. Looks like this could just be a bad initial rights assignment for the admin users.
 
Upvote 0 Downvote
The Administrators group in an AD domain is for administering the directory. The Domain Admins group is often made a member of the Administrators group in AD. This is what allows access to the DC's and the directory to make changes.

 
Upvote 0 Downvote
Ok, making a test user a member of Domain Admins cleared up the Remote Desktop now allowing connections by default. One thing on it does not make sense to me yet. If we are supposed to use the Domain Admins group for administration instead of Administrators group, then why can I not make anything but a user a member of Domain Admins when I can make user created groups members of Administrators group?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
414
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
149
ADB100
ADB100
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
370
fredmartinmaine
fredmartinmaine
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
308
DrB0b
DrB0b
DTGMI
  • Locked
  • Question
Win 2003 & IBM X3350 M2 Server (7946AC1)
Replies
1
Views
82
technome
technome

Part and Inventory Search

Sponsor

Back
Top