GET-IT: TEAMS DAY | 1-Day Free Virtual Conference all about Teams. Here on Petri.com - 8/12/20 GET-IT: TEAMS DAY - 8/12/20

Adminster group policies across multiple domains in the same forrest

Home Forums Microsoft Networking and Management Services GPO Adminster group policies across multiple domains in the same forrest

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    jasebert
    Member
    #130354

    Hi all,

    I am hoping this is a relatively simple question.

    Basically my scenario is that I have one forest and the root domain of the forest is jasebert.com. I then have 5 second level child domains names me.jasebert.com, you.jasebert.com etc.

    What I need to do is allow users of say me.jasebert.com to administer group policy in you.jasebert.com. Now this in itself can be easily done, however I can not give the group policy admins Enterprise Admin access.

    So basically can I confirm that I am on the right track.

    I create a Universal Group named say “Delegated gp admins” in the root domain. I then create a Global Group in me.jasebert.com called “GG Delegated gp Admins” and add the users to that group. After that I add this global group to the Universal Group.

    In the you.jasebert.com domain I then create “”GG Delegated gp Admins” and add the “GG Delegated gp Admins” into the GP objects I wish them to administer. I then add this group to the Universal Group also.

    The Domains and Forest functional level is all on W2k3 so Universal groups can be used.

    Does this sound right?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.