Articles

Add Domain users to local admin

June 4, 2006 at 10:58:18
Specs: Windows2003Server+SP1, P4/1GB

I have Server01 running Win2K3+SP1 with Active Directory Services and serving as domain controller for the Domain01. Server02 is also running Win2K3+SP1 std server edition and is configured as a standalone member server in the domain Domain01. A client/server aplication is hosted on Server02 and needs all the app user (domain users) to be part of the local administrator group on Server02.
Some one, please, help me add the domain users (created on Server01) to the local administrators group on server02. I could do this on a WinXP+SP2 system but not the Server02 running W2K3.

Thanks in advance,


See More: Add Domain users to local admin

Report •


#1
June 4, 2006 at 16:10:20

Hmm....shouldn't be a problem if Server02 is a member of the domain. Just open up the Local Administrators group on it and add the Domain Users group to the Local Admins group. If that's not working for you, explain what's going wrong and what, if any, error messages you're getting.

Report •

#2
June 4, 2006 at 17:01:27

Curt's right (as usual), but why in the world do you want your Domain Users to have Administrative rights on a SERVER???? You should be able to set proper access permissions on the application without allowing full control to the users. Generally a bad idea...

Life is more painless for those who are brainless.


Report •

#3
June 4, 2006 at 17:45:31

Thanks Curt/Jennifer:
When I try to add an object into local Administrators group on Server02, the location field has only Server02 displayed and hence forces me to choose only local accounts. This is only a lab setup for a small group.

Report •

Related Solutions

#4
June 5, 2006 at 04:54:28

There's a drop down box that allows you to choose what container of accounts to use. Make sure you're using the domain as the container.

"Milk was a bad choice!"


Report •

#5
June 5, 2006 at 06:50:37

This seems to be a very simple task but I am still having problems. I am not very familiar with ActiveDirectory.
On Server02->Computer Management->Local Users and Groups-> Groups ->Administrators-> right click and Add to Group -> Click Add -> Select Users window -> 'From this location' field displays the local server name only. I see no options or ways to point to domain users or objects. Please help.


Report •

#6
June 5, 2006 at 07:08:17

"'From this location' field displays the local server name only."

There's a drop down to change this to the domain.

"Milk was a bad choice!"


Report •

#7
June 5, 2006 at 07:15:26

I do not see the drop down option. Clicking on the Locations button, brings up 'Locations' window which has only local server listed.


Report •

#8
June 5, 2006 at 10:47:04

"On Server02->Computer Management->Local Users and Groups-> Groups ->Administrators-> right click and Add to Group -> Click Add -> Select Users window ->"

Instead of "Local Users and Groups", try "Active Directory: Users and Computers".


Report •

#9
June 5, 2006 at 10:55:03

Sorry MAX, I meant to say:

Instead of "Computer Management", use "Active Directory: Users and Computers". From there, you won't be restricted to having to choose from just "Local Users and Groups".


Report •

#10
June 5, 2006 at 11:20:48

Hi Kirk,
Server02 is just a member server and doesn't have the ADS installed. Do you mean to say that I should install the ADS on Server02 as well? If I did that, then Server02 would then be domain controller, right?
The application that I want to install on Server02 doesn't work on domain controller.

Appreciate your response.
Thanks,


Report •

#11
June 5, 2006 at 11:33:54

Try installing the admin pack tools, although you should need it.

ADUC I wouldn't think could be used to do this since it's adding members to a local group.

Are you sure this machine is joined to the domain?

"Milk was a bad choice!"


Report •

#12
June 5, 2006 at 11:34:56

Sorry, should read "athough you shouldn't need it".

"Milk was a bad choice!"


Report •

#13
June 5, 2006 at 11:43:04

I did join Server02 to Domain01 and right now I've logged into the Server02 with domain admin credentials.
Both the systems are configured to be DHCP clients since these are part of corp network.
Know nothing about the admin pack tools.....:-(

Thanks,


Report •

#14
June 5, 2006 at 11:51:02

You say you have a "domain" then the answer will be "Group Policy". Computer Configurations have a setting call "Restricted Group" (It's under Computer Configuration\Windows Settings\Security Settings\Restricted Groups).

So all you have to do is open the group policy of the OU that you want to apply that setting on. Then choose "Restricted Group" . Right click and choose "Add Group". Type in "Administrators". It will pops up a window and there are two settings that you can choose from but I'll show you the first settings which is "Members". (Members mean you will specify who will be local administrators of those client computer in that OU). After you click on "members" button you will need to add "Administrator" and add "yourdomain.com\groupname" or "yourdomain.com\username".

Good Luck


I have NOT lost my mind — I have it backed up on tape somewhere


Report •

#15
June 5, 2006 at 13:03:12

Tony, I believe Restricted Groups simply removes users added to Power Users or Administrator groups after the fact. I do not believe it prevents the addition as someone attempts it.

"Milk was a bad choice!"


Report •

#16
June 20, 2006 at 14:53:49

I'd suggest talking to whoever supports the domain and ask them. If you can join it, they should be providing support...

Report •

#17
August 6, 2006 at 19:48:25

You may want to try adding the group from the domain controller itself. So while logged into the domain controller (Server01) and go to Start > Programs > Administrative Tools > Active Directory Users and Computers. With this console open, go to "Computers". Hopefully, you'll se Server02 in the list of computers. Right click on Server02 and select "Manage" from the drop-down. You should then be able to go to "Local Users and Groups" > Administrators and then add your domain group. Good luck.

Report •


Ask Question