ericargyle Posted May 7, 2011 Share Posted May 7, 2011 Ever hear of domain admin rights not propagating to the user at the workstation level when logged in? No changes have been made to default domain policy. Seems to have occurred out of nowhere. Any suggestions on how to fix this? Clearly the joined domain machine recognizes the domain user and authenticates. However, rights do not push. Any help would be excellent.Of note, it seems to be any new users I create in AD. Previously created admins do pull appropriate rights on logged in workstations. Also, this on consistent on Win7 and WinXP clients. Thanks guys. Link to comment Share on other sites More sharing options...
allen2 Posted May 7, 2011 Share Posted May 7, 2011 What is in the computer's administrators group ?There should be domain admins (by default) and so as long your users belong to domain admins group, they should have admins rights on the computer.How did you found that domains admins don't have admin rights on computers ? Link to comment Share on other sites More sharing options...
ericargyle Posted May 9, 2011 Author Share Posted May 9, 2011 I rannet user username \domainThe funny thing is that it tells me I'm a member of the local group: administrators. However, I have no access to control panel, or installing apps, etc.Any help would be great. Link to comment Share on other sites More sharing options...
allen2 Posted May 9, 2011 Share Posted May 9, 2011 The net user username /domain doesn't do what you think: it retrieve the user's group membership in AD not locally and that what i asked.Try running:net localgroup administratorsIt should show users/groups belonging to the local administrators group. Link to comment Share on other sites More sharing options...
ericargyle Posted May 14, 2011 Author Share Posted May 14, 2011 Thanks Allen. The issue was Domain Admins were in the local admins group, administrators on the domain were not. I pushed it out with Restricted Groups and that did the trick for affected users. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now