windows-server-2003 – 如何判断某个AD用户是否拥有Windows Server 2003的管理员权限?

前端之家收集整理的这篇文章主要介绍了windows-server-2003 – 如何判断某个AD用户是否拥有Windows Server 2003的管理员权限?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
如何判断某个AD用户是否具有Server 2003框的管理员权限?
我正在使用企业版.
这取决于服务器是否是域控制器.如果它不是域控制器,则所有用户都具有管理员权限,他们是本地Administrators组的成员(请参阅计算机管理>本地用户和组 – 管理员.)

如果服务器是域控制器,则Administrators组或Domain Admins组成员或Enterprise Admins组(如果存在域林)的用户具有该特定服务器的管理员权限.默认情况下,Domain Admins组是域中所有计算机上所有管理员组的成员.

在这里你可以找到一个list of Active Directory built-in Groups and Accounts

Administrators

After the initial installation of the
operating system,the only member of
the group is the Administrator
account. When a computer joins a
domain,the Domain Admins group is
added to the Administrators group.
When a server becomes a domain
controller,the Enterprise Admins
group also is added to the
Administrators group. The
Administrators group has built-in
capabilities that give its members
full control over the system. The
group is the default owner of any
object that is created by a member of
the group.

Domain Admins

A global group whose members are
authorized to administer the domain.
By default,the Domain Admins group is
a member of the Administrators group
on all computers that have joined a
domain,including the domain
controllers. Domain Admins is the
default owner of any object that is
created in the domain’s Active
Directory by any member of the group.
If members of the group create other
objects,such as files,the default
owner is the Administrators group.

Enterprise Admins

A group that exists only in the root domain of an Active Directory forest of domains. It is a universal group if the domain is in native mode,a global group if the domain is in mixed mode. The group is authorized to make forest-wide changes in Active Directory,such as adding child domains. By default,the only member of the group is the Administrator account for the forest root domain.

猜你在找的Windows相关文章