Active Directory has predefined administrator roles, each with predefined permissions attached. To grant a user account a role's permissions, add the account to the relevant security group:
- Enterprise Admins: This is the highest Active Directory role permission that can be applied in the AD forest. Accounts that are part of this group can modify the logical and physical topology of the Active Directory infrastructure and can make schema changes. This role can also manage other role memberships (Enterprise Admins, Schema Admins, and Domain Admins).
- Schema Admins: Members of this group can modify the Active Directory schema. This is included ...