
How to isolate access to domain controllers?

Status
Not open for further replies.

Rowen24

MIS
May 10, 2007
6
US

The situation is this:

We have 23 domain controllers in our environment all over the world. In the last year, we added two for our Exchange environment, which has been outsourced. Originally, we had these vendors (Exchange admins) as domain admins so that they could do what they need on their DCs. We removed their access, but they want it back again and threw the SLA in our face.

My question: I understand that if I give the vendors access to their DCs, then they will have access to all our DCs, which is not what I want. How can I restrict them to just having access to their own DCs and nothing else?

Thanks,
Rosalyn
 
Do you only have one domain worldwide then?

Give their accounts just the rights that they need to perform their tasks.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
I'm with Davetoo. Find out what they need access to on the DCs, and delegate that accordingly.

One reason why you never put Exchange on a DC is so that you have better control over who has full access. I realize that's not the case here, but there is a parallel to it.

Generally speaking, they shouldn't need full access to a DC.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
 
This isn't so much a technical suggestion but more of a "political" one (as somebody who works for an outsourcing company)... ask them what rights they do need to carry out their tasks. If they're as good as they say they are, then they should know what rights they need. Believe me, I've had countless struggles with other vendors, who work at our customer sites also, who always try to blame our restrictive permissions every time something goes wrong with their software... and so far not one of them has been right!!

Good Luck

 