Converting an AD Group Used for SCCM Admins from Global to Universal to Add Users from Other Trusted Domains

My organization is in the middle of migrating over to SCCM 2012, but we still have our SCCM 2007 environment operational until we can complete this project and transition everything over to SCCM 2012. The Primary SCCM 2007 Administrator in one region has resigned and I have been tasked with taking over some of his responsibilities. In order to do this, I will need to be added to the local "SMS Admins" group on the Site Server. There already exists an AD group that the former Primary SCCM 2007 Administrator created named "SMSAdministrators" that I am under the impression I should be added to since that is already a member of the local "SMS Admins" group on the Primary Site Server for that region. However, it is a Global group and I am located in another region. Therefore, my AD user account in my region will not be able to be added to the "SMSAdministrators" AD group in the other region for me to be able to take on these additional SCCM 2007 duties. 

So my question is, if the "SMSAdministrators" Global AD group that he created is converted to a Universal Security group so I can be added to it, will that break anything regarding any SCCM 2007 console permissions within the SCCM 2007 Security Rights, or anything else for that matter?

Thanks everyone


January 22nd, 2014 3:27am

I concur. The group may or may not actually have full permissions within ConfigMgr itself -- just being part of the SMS Admins local group does not actually give you any permissions in ConfigMgr.
Free Windows Admin Tool Kit Click here and download it now
January 22nd, 2014 6:05pm

I am aware of this, but I really prefer using groups rather than individual user accounts, because it makes administration much less painful for me.

Thanks for your reply, I appreciate it.

There is another user in the other region that is an SCCM 2007 Admin, but he did not realize he was a member of the group that granted him those rights. So, I would add my user account to a group, then add that group to the local "SMS Admins" group and then I will walk him through the process of granting that group Admin rights on all Object Classes so I will be able to acquire admin rights as well. This is what I was trying to convey.


January 24th, 2014 2:36am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics