DC on Server 2008R2 (Very Poorly Structured in terms of Administrative Access)
I am newly Appointed Administrator (Never had experience with RBAC)
There is a Helpdesk team, I want them to have following permissions on DC :
Create/Modify Users, Create OU's/Sub-OU's, Reset Passwords, Create & Modify SG's & DG's
1) Firstly, with TESTADMIN User I am not able to Access DC at all (TESTADMIN is very well added in "Remote Desktop Users" group in AD). It says "Connection was denied because The User Account is not Authorized for Remote Login"
2) "Remote Desktop Users" is very well added in "Allow Logon through Remote Desktop Services" in Local Security Policy of DC
4) Than, I tried logging in to Domain Controller using this TESTADMIN & I was able to (Only after adding TESTADMIN in "Allow Logon through Remote Desktop Services" in Local Security Policy of Domain Controller (But I am not able to open ADUC, though I delegated Control of One OU to this User)
WAO . . . I am really typing Too much :O :O :O
Conclusion, Shall we ;) ???
I want Helpdesk to have LIMITED Access to DC & also to Exchange (PLEASE HELP :D)
Thanks in Advance ! ! !
Mohammed Bin Ahmed - Data Center Engineer