LinkedIn respects your privacy

LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Join now Sign in

From the course: Windows Server Hybrid Administrator Associate (AZ-801) Cert Prep: 1 Secure Windows Server On-Premises and Hybrid Infrastructures

Unlock the full course today

Join today to access over 24,900 courses taught by industry experts.

Manage AD built-in administrative groups

Manage AD built-in administrative groups - Windows Server Tutorial

From the course: Windows Server Hybrid Administrator Associate (AZ-801) Cert Prep: 1 Secure Windows Server On-Premises and Hybrid Infrastructures

Start my 1-month free trial Buy for my team

Manage AD built-in administrative groups

“

- [Instructor] Built-in groups have a lot of administrative power. So it's a good idea to know what groups exist and what authority they have, so you can decide who should be members of each group. We'll start with the Enterprise Admins Group, and it's located in the forest root domain. So by default, it's a member of the built-in administrators group in every domain in the forest. The built-in administrator account in the forest root domain is the only default member of the group. You can add additional members, but by default, it's just that one user. Enterprise admins are granted rights and permissions that allow them to affect forest-wide changes. These are changes that affect all domains in the forest such as adding or removing domains, establishing forest trusts, or even raising forest functional levels. Each domain in a forest has its own domain Admins group, which is a member of that domain's built-in…

Contents