I have Server01 running Win2K3+SP1 with Active Directory Services and serving as domain controller for the Domain01. Server02 is also running Win2K3+SP1 std server edition and is configured as a standalone member server in the domain Domain01. A client/server aplication is hosted on Server02 and needs all the app user (domain users) to be part of the local administrator group on Server02.
Some one, please, help me add the domain users (created on Server01) to the local administrators group on server02. I could do this on a WinXP+SP2 system but not the Server02 running W2K3.Thanks in advance,
Hmm....shouldn't be a problem if Server02 is a member of the domain. Just open up the Local Administrators group on it and add the Domain Users group to the Local Admins group. If that's not working for you, explain what's going wrong and what, if any, error messages you're getting.
Curt's right (as usual), but why in the world do you want your Domain Users to have Administrative rights on a SERVER???? You should be able to set proper access permissions on the application without allowing full control to the users. Generally a bad idea... Life is more painless for those who are brainless.
Thanks Curt/Jennifer:
When I try to add an object into local Administrators group on Server02, the location field has only Server02 displayed and hence forces me to choose only local accounts. This is only a lab setup for a small group.
There's a drop down box that allows you to choose what container of accounts to use. Make sure you're using the domain as the container. "Milk was a bad choice!"
This seems to be a very simple task but I am still having problems. I am not very familiar with ActiveDirectory.
On Server02->Computer Management->Local Users and Groups-> Groups ->Administrators-> right click and Add to Group -> Click Add -> Select Users window -> 'From this location' field displays the local server name only. I see no options or ways to point to domain users or objects. Please help.
"'From this location' field displays the local server name only." There's a drop down to change this to the domain.
"Milk was a bad choice!"
I do not see the drop down option. Clicking on the Locations button, brings up 'Locations' window which has only local server listed.
"On Server02->Computer Management->Local Users and Groups-> Groups ->Administrators-> right click and Add to Group -> Click Add -> Select Users window ->" Instead of "Local Users and Groups", try "Active Directory: Users and Computers".
Sorry MAX, I meant to say: Instead of "Computer Management", use "Active Directory: Users and Computers". From there, you won't be restricted to having to choose from just "Local Users and Groups".
Hi Kirk,
Server02 is just a member server and doesn't have the ADS installed. Do you mean to say that I should install the ADS on Server02 as well? If I did that, then Server02 would then be domain controller, right?
The application that I want to install on Server02 doesn't work on domain controller.Appreciate your response.
Thanks,
Try installing the admin pack tools, although you should need it. ADUC I wouldn't think could be used to do this since it's adding members to a local group.
Are you sure this machine is joined to the domain?
"Milk was a bad choice!"
Sorry, should read "athough you shouldn't need it". "Milk was a bad choice!"
I did join Server02 to Domain01 and right now I've logged into the Server02 with domain admin credentials.
Both the systems are configured to be DHCP clients since these are part of corp network.
Know nothing about the admin pack tools.....:-(Thanks,
You say you have a "domain" then the answer will be "Group Policy". Computer Configurations have a setting call "Restricted Group" (It's under Computer Configuration\Windows Settings\Security Settings\Restricted Groups). So all you have to do is open the group policy of the OU that you want to apply that setting on. Then choose "Restricted Group" . Right click and choose "Add Group". Type in "Administrators". It will pops up a window and there are two settings that you can choose from but I'll show you the first settings which is "Members". (Members mean you will specify who will be local administrators of those client computer in that OU). After you click on "members" button you will need to add "Administrator" and add "yourdomain.com\groupname" or "yourdomain.com\username".
Good Luck
I have NOT lost my mind — I have it backed up on tape somewhere
Tony, I believe Restricted Groups simply removes users added to Power Users or Administrator groups after the fact. I do not believe it prevents the addition as someone attempts it. "Milk was a bad choice!"
I'd suggest talking to whoever supports the domain and ask them. If you can join it, they should be providing support...
You may want to try adding the group from the domain controller itself. So while logged into the domain controller (Server01) and go to Start > Programs > Administrative Tools > Active Directory Users and Computers. With this console open, go to "Computers". Hopefully, you'll se Server02 in the list of computers. Right click on Server02 and select "Manage" from the drop-down. You should then be able to go to "Local Users and Groups" > Administrators and then add your domain group. Good luck.
