|
|
||
|
| Microsoft Identity Integration Collection |
|
Have a look at the whole article.
|
| Restricted groups with in a Group Policy allow to map membership |
|
Restricted groups allow an administrator to define two properties for security-sensitive groups (that is, "restricted" groups). This can be used to map Members between a local group and a domain security group.
|
| Working with Active Directory Permissions in Microsoft Exchange, How to Delegate to Exchange Administrators |
Microsoft release a guide that helps Exchange architects in their understanding of how Exchange uses Active Directory in the context of permissions.
Go to now |
| Can a Domain Admin become a Enterprise Admin within a Forest? |
| Yes this is correct, Forest is the only security boundary and the domain is an partition for replication propose or administrative boundary. The Domain Admin of a child domain within the forest can use the SID History attribute to become an Enterprise Admin. How ever this is also a question how trusted the domain admins within your organization are, if you trust the domain admins as high as enterprise admins you have to use another delegation model, try to have the minimum members of domain admins, and if you don't can trust the members in the domain admins group as the role enterprise admins, and need security, deploy another forest. |
| Last Reviewed: 15.7.2004 |
| Author: Christoffer Andersson |