|
Posted by Roger Abell [MVP] on February 16, 2006, 12:44 am
If you were Registered and logged in, you could reply and use other advanced thread options
It is that way because someone has set it up that way.
Domain Admins can only log into their own domain in the
default. Enterprise Admins are granted wide-spread rights
in all domains. That is all changable.
The things you need to examine are:
memberships in the Administrators and Domain Admins
groups of each domain
memberships in the Enterprise Administrators group
failing finding them in the above then check Users
grants of terminal services login, either via the Remote
Desktop Users group or directly in the permissions
on the RDP connectoid in the TS config mgmt applet
grants of the Log on locally user rights (for example, you
did not say child DAs are admins in the parent, only that
they could log into the boxes of the parent)
"Ageing Brilliantine Stick Insect"
> We have 2 domains - a parent and a child. They are separated physically -
> 2
> different buildings. Administrators in the child domain can log onto any
> of
> the servers in the parent domain (via terminal services, or physically
> sitting at the console) using their child domain credentials (ie
> username/password/child-domain-name), however administrators in the parent
> domain cannot log onto servers in the child domain (via terminal services,
> or
> physically sitting at the console) using their parent domain credentials
> (ie
> username/password/parent-domain-name). Howcome?
| 
XML site map