We have a new domain structure we are planning on rolling out in the next few months.
Essentially there is a single top level and forest domain controller "mydomain.lan" and two children "us.mydomain.lan" and "pl.mydomain.lan". We want to configure an administrator account or two at the top level domain that then has full administrator permissions on the sub domains. By default the top level administrator cannot access or login to machines on the sub-domains. Running W2K8R2.
Ideas?
Best Answer
If you add the administrator accounts in the parent domain to the "Enterprise Admins" builtin group, they should automatically be members of the "Domain Admins" group in child domains.