I need to restrict the Domain Admin Accounts from this server yet leave connecte dto network and leave Network User accounts as the Administartor of the Server to grant access or not.

remove the Domain Admins group from the server local Adminsitrators group.lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com

Does that cause any risk? Can they add it back on?Will the server be able to rejoin the domain if something happens?As far as permissions go, aslong as we have a user with Adminrights we should be ok, right?

Domain admin will not ahve any adminsitrative access to the server.Dont forget server local administrator account and password or any other user account that you may have added to the server local administrators group.lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com

Permission Considerationshttp://technet.microsoft.com/en-us/library/aa996881.aspx

best practices are described here:http://technet.microsoft.com/en-us/library/cc773318(WS.10).aspxbut basically, you'll need to plan a roadmap of who can access what.Map it all out in a hierarchy and implement in AD..This example hopefully helps.http://technet.microsoft.com/en-us/library/cc773113(WS.10).aspx