Results 1 to 3 of 3

Thread: Creating "custom named" cloned group of "Domain Admins"

  1. #1
    Join Date
    Sep 2011
    Posts
    1

    Creating "custom named" cloned group of "Domain Admins"

    Hi All,

    I am working with this messaging software and one of the requirements is a service account - call it "MailAdmin". It cannot be a member of any other user group other than "domain users" but must be granted the "send as" permission to all on the domain. Ok, no big deal.

    Problem is, there is a protected group "Domain Admins" of which I am a member and as such, the AD does not allow "send as" to be assigned to anything in that group. So if I keep membership to any of the protected groups (Domain Admins, Admins, Enterprise Admins, etc.) I cannot send mail and my device gets "blocked" since it sees no permission to the connected mail box.

    How can I create a group that will emulate the permissions and abilities of the "domain admins" group but be a custom group that AD won't block the "send as" feature from? In other words - how can I make my own version of "Domain Admins" called "IT Admins" that will perform identically?

    Thanks!

    Jon

  2. #2
    Join Date
    Jul 2011
    Posts
    355

    Re: Creating "custom named" cloned group of "Domain Admins"

    This depends on your requirements. You want all groups to be cloned with permissions or just the accounts. You will need to run an appropriate script to get the exact result. This script is used to export the name of group and also possibilities to generate new groups in the domain. On web there are some sample scripts that you can download and try. But that should be on your own risk.

  3. #3
    Join Date
    Oct 2005
    Posts
    319

    Re: Creating "custom named" cloned group of "Domain Admins"

    I think the best approach is to limit the number of users in these protected groups to mitigate this as much as possible. For those users that must be in the protected group, you would have to create a duplicate account that is not a member of the protected group.

Similar Threads

  1. Domain Controller "status"on new W2K8 server is "not available"
    By Susan Bradley in forum Active Directory
    Replies: 2
    Last Post: 13-12-2011, 03:03 PM
  2. "Event Log Readers" group for domain controllers
    By etienne in forum Active Directory
    Replies: 2
    Last Post: 27-11-2010, 06:40 PM
  3. Replies: 6
    Last Post: 18-05-2010, 12:27 AM
  4. Replies: 1
    Last Post: 27-06-2008, 03:59 PM
  5. Replies: 1
    Last Post: 06-11-2007, 02:18 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,687,529.41945 seconds with 17 queries