Administration Tools Kit -- Can't remotely modify AD Users & Computers or DHCP

[aronesz]

Greetings,

What group membership must my network user account have to be able to modify and move objects in Active Directory Users and Computers and DHCP from my office workstation? I can see everything in AD Users & Computers but with read-only access.

For DHCP, I can't even see or add the authorized server. What group membership must I be in for read-only access? How about modify access?

This is all for remote administration, without having to RDP into a server logging in onto an admin account -- I don't know what groups allow said admin accounts to be able to freely do things without "Access is denied" messages, but I only need access to DHCP and AD Users & Computers

 

[/usr/home]

If you know the administrator password you can make an MMC console, add the snapins and save it to your desktop. Then while holding shift, right-click on the file and run as different user. Run it as the domain administrator account. It's more secure IMO if you aren't an admin and just have one account assigned to it and just use it's credentials.

 

[BugginOuT]

Assuming you are referring to MS DHCP:

DHCP Administrators and DHCP Users

http://technet.microsoft.com/en-us/library/cc737716(v=ws.10).aspx

AD - You can delegate yourself to access objects in A.D., or add your account to one of the security groups that have elevated access.

 

[XOR != OR]

Note: Never delegate on the root of a domain. Best practice is to create your OU structure to account for the different privileges and responsibilities.

Nothing will go BOOM if you do monkey with security on the root of the domain, it's just bad juju to do so.