I hope this is an easy one - I have a single forest with multiple domains. I
would like to have a single signon to administer all of the domains in the
forest. All the domains are 2003 fuctional level. I can create a group in
domain A and add it to the Enterprise admin group on the forest root but I
cannot add any users or groups from the forest root domain to the domain
admin groups in the child domains. Any thoughts?

Enterprise Admins is a universal group, which is automatically added to
local Administrators group in each domain of the forest. Simply add users
who need to have forest-wide admin privileges directly to it...

hth
Marcin

That gets me half way there. I can administer DC but not member servers. I
need both abilities.

Erik

"Marcin" wrote:

In that case, you would need to add the enterprise admins group to the local
admins group on each server. You might look at using Restricted Groups GPOs
to add this to the local machines.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"eanderso" wrote: