Hi Team,
We had run an MBSA scan on all of the domain controllers, in which we found one common thing: multiple administrators, more than two.
Two accounts looked suspicious to me; I checked and found they are added to the Builtin\Administrators group.
1) One is a service account. 2) One is a user account.
We have multiple DCs under a single forest. When I dug deeper, it was said that these two accounts need to have Administrators access on only two DCs, not on all of the DCs.
When I tried deleting the accounts from one of the DCs by going into User Accounts -> Manage User Accounts and removing both accounts, after a while they were removed from all of the DCs, including the DC where they were required, and in parallel I saw that the accounts had vanished from the Builtin\Administrators group.
I added them back again.
Now my questions are:
1) How can I grant access for the two accounts only to the specific domain controller?
2) As for the accounts being removed as described above, I really don't know which GPO is getting applied (how do I check it?).
3) From one of the TechNet forums I got this command: net localgroup Administrators /add {domain}\{user}. Will this command help? (In this case I would remove the accounts once again, run gpupdate /force on all of the domain controllers, then go to the specific domain controller and run this command. Would this achieve my outcome?)
4) Or is there any other GPO which is causing the ID to be regenerated after deletion?
5) Do let me know if there are any more details I need to check.
Awaiting all expert answers.
Regards,
Sumeet Mishra