You will also need to be Ent Admin to create and modify Site/Sitelinks and Subnets!....
What we have in my company is a steering committee that looks after changes to the forest at an enterprise level, although this set up might not be viable to you, it works superbly for us, as we have a place holder for the forest(empty) and many trees which are non-contiguous relating to the different facets of our company. I actually went through what you are going through sometime ago and I proposed a steering committee to control changes for ent.admin type of stuff. Regards, Anton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 12 May 2004 21:37 To: ActiveDir (E-mail) Subject: [ActiveDir] A root dc question My apologies if this seems basic and/or silly. Aside from creating new domains or modifying the schema, why would an admin need access to the root dc of a forest(the schema, domain namming master)? furthermore, why would an admin in a child domain need enterprise admin privilges? I only ask because we had issues with our test DR run wherein we didn't have access to the root domain and/or a test root domain vmware'd on a laptop and it ended miserably. i am in the process of convincing the higher ups in my corp of letting our IT dept have enterpise admin access. i'd like to make a case for us as to why we would need this accont with concrete examples(aside from the DR one). ones that a semi tech aware CIO could relate to. What other compelling reasons would one need these rights for in day to day(or not so day to day) AD administration? we are a multi-domain(14) win2k forest in mixed mode with exchange2k in native mode. Thank you in advance for any assitance. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ *********************************************************************************** The information contained in this email is confidential. It may also be protected by legal privilege. It is intended only for the stated addressee(s). If you are not an addressee you must not disclose, copy, circulate nor use the information contained in it. If you have received this email in error please inform the sender immediately and delete it and any copies from your system. ***********************************************************************************
<<winmail.dat>>