Re: Domain Admin can't log into child domains
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 15 Feb 2006 22:44:39 -0700
It is that way because someone has set it up that way.
Domain Admins can only log into their own domain in the
default. Enterprise Admins are granted wide-spread rights
in all domains. That is all changable.
The things you need to examine are:
memberships in the Administrators and Domain Admins
groups of each domain
memberships in the Enterprise Administrators group
failing finding them in the above then check Users
grants of terminal services login, either via the Remote
Desktop Users group or directly in the permissions
on the RDP connectoid in the TS config mgmt applet
grants of the Log on locally user rights (for example, you
did not say child DAs are admins in the parent, only that
they could log into the boxes of the parent)
"Ageing Brilliantine Stick Insect"
<AgeingBrilliantineStickInsect@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
We have 2 domains - a parent and a child. They are separated physically -
different buildings. Administrators in the child domain can log onto any
the servers in the parent domain (via terminal services, or physically
sitting at the console) using their child domain credentials (ie
username/password/child-domain-name), however administrators in the parent
domain cannot log onto servers in the child domain (via terminal services,
physically sitting at the console) using their parent domain credentials
- Prev by Date: Re: Restoration.exe?
- Next by Date: Re: Checking ACL's on 60000 Folders - Advice needed
- Previous by thread: Restoration.exe?
- Next by thread: Re: Domain Admin can't log into child domains