Server 2012 R2 U1 - Need a user that cannot damage my domain admin account

T

troyquigley

Guest
we are finally getting managed services to help when I am unavailable.

i obviously need to give the company access (login) to our server, but I don't want to give them the power to mess with my domain admin account.

what is the best way to give a managed services company power to do what they need without unnecessary rights.

i am concerned over an angy employee locking or changing the password on my admin account and locking us out.
 
You need to look into delegating control in AD. I'm assuming you are only wanting this user to have rights to create, edit, delete, accounts in AD? If so, just delegate the control on the OU's that give that specific user the rights required.
 
From the way you described it the provider will need full admin access. If you're, as you described it, not available then someone has to do the job. If you have trust issues then either:

A. You've chosen the wrong company to partner with.
B. You're the wrong person for the admin job and need to be let go.
 
Back
Top