如果服务器是域控制器,则Administrators组或Domain Admins组成员或Enterprise Admins组(如果存在域林)的用户具有该特定服务器的管理员权限.默认情况下,Domain Admins组是域中所有计算机上所有管理员组的成员.

在这里你可以找到一个list of Active Directory built-in Groups and Accounts：

Administrators

After the initial installation of the
operating system,the only member of
the group is the Administrator
account. When a computer joins a
domain,the Domain Admins group is
added to the Administrators group.
When a server becomes a domain
controller,the Enterprise Admins
group also is added to the
Administrators group. The
Administrators group has built-in
capabilities that give its members
full control over the system. The
group is the default owner of any
object that is created by a member of
the group.

Domain Admins

A global group whose members are
authorized to administer the domain.
By default,the Domain Admins group is
a member of the Administrators group
on all computers that have joined a
domain,including the domain
controllers. Domain Admins is the
default owner of any object that is
created in the domain’s Active
Directory by any member of the group.
If members of the group create other
objects,such as files,the default
owner is the Administrators group.

Enterprise Admins

A group that exists only in the root domain of an Active Directory forest of domains. It is a universal group if the domain is in native mode,a global group if the domain is in mixed mode. The group is authorized to make forest-wide changes in Active Directory,such as adding child domains. By default,the only member of the group is the Administrator account for the forest root domain.