Giving local Admin rights to AD 2003 Domain Admin users

Giving local Admin rights to AD 2003 Domain Admin users

Post by Manjula De » Sun, 09 Sep 2007 19:26:35


Hi All,

I had to replace a old PC in a small office which runs AD. I replaced
the machine and add the Machine to the AD as member and it used the
old member name automatically. When I logged in to the domain using
this new machine (as a user) and try to add Printers or users to the
machine, to gives a message that I don't have sufficient privileges.
The user is a member to the Admin group in AD and this account has
local admin rights. But when I logged to local machine or logged as
Domain admin to the machine I could add printers.
This may be a config issue and I am not an AD expert and I need some
advice from any one to overcome the issue.

Thanx Guys,

Manjula
 
 
 

Giving local Admin rights to AD 2003 Domain Admin users

Post by Meinolf We » Tue, 11 Sep 2007 00:46:03

Hello Manjula,

You talked about replacing an old machine. Then you said it takes automatically
the old name? So you did a restore from backup? Or do you install a new machine
just with the same name? Please give some more infos about the installation,
promotion to DC and the demotion of the old machine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

 
 
 

Giving local Admin rights to AD 2003 Domain Admin users

Post by Meinolf We » Sat, 15 Sep 2007 06:39:33

Hello Manjula,

Please do not email, use the NG, then also other people here can read what's
going on and can help you also.

Hi Meinolf,

Thanks for the prompt reply.
This was a client machine in the doamin and I did a fresh installation as
the old machine was busted.
Once I connect the machine to the domain it took the old member name and
I used the existing domain account to logged in. This is where I faced the
problem.
When I logged on to other machines using the same account I could do admin
tasks, But not when I looged in to this machine.
How ever I found a work around by adding this domain account as a member
of local admin group in the machine. That resolves the issue.
BUT the part I dont understand is in other machines this account can do admin
tasks with out addin the account as a member of local admin.
Any thoughts


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
 
 

Giving local Admin rights to AD 2003 Domain Admin users

Post by Meinolf We » Sat, 15 Sep 2007 06:46:50

Hello Manjula,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.


after installation, did you add it to the domain or only connect it via switch?



not possible from itself, you have to specify the name by hand or via automatic
installation but the machine will not take it alone.



How is DNS setup in your environment?