This is my problem. I have just migrated a multimaster NT 4.0 environment into a single domain environment with WIN2K. I only want myself and a couple of other users to be Enterprise/Domain Admins.
I created groups and OUs for other locations for their admins.
OU - New York
Group - New York Admins
I then delegated full control of the OU to the group mentioned. I also added the remote locations' admins to the DHCP, DNS, & WINS Admins Groups. They were also added to the Newly created group, Server Operators and Account Managers groups.
I also created a GPO for each OU to add the newly created group to the Local Administrators Group on each individual PC in their respective OU. This was done with the Restricted Group GPO setting. Now they can do everything they need to do, except force replication to occur between domain controllers using the AD Sites and Services Snap-In.
My question is simple. How do I accomplish granting them this ability? I have searched high and low on TechNet and Google, and alas, I have come away empty handed. Please help. It would be greatly appreciated.
Thanks,
--Roger
I created groups and OUs for other locations for their admins.
OU - New York
Group - New York Admins
I then delegated full control of the OU to the group mentioned. I also added the remote locations' admins to the DHCP, DNS, & WINS Admins Groups. They were also added to the Newly created group, Server Operators and Account Managers groups.
I also created a GPO for each OU to add the newly created group to the Local Administrators Group on each individual PC in their respective OU. This was done with the Restricted Group GPO setting. Now they can do everything they need to do, except force replication to occur between domain controllers using the AD Sites and Services Snap-In.
My question is simple. How do I accomplish granting them this ability? I have searched high and low on TechNet and Google, and alas, I have come away empty handed. Please help. It would be greatly appreciated.
Thanks,
--Roger
