Active Directory rights Assignment
Hi,

I have a domain controller on Windows Server 2003 and two additional domain controllers at two branch offices in different locations. I have created two OUs, one for each branch:

1. SURAT OU
2. BARODA OU

and moved the SURAT ADC to the SURAT OU and the BARODA ADC to the BARODA OU.

I want to configure things so that the IT person sitting at the SURAT branch office (who is a member of Domain Users) is able to install applications and maintain all applications on the SURAT ADC, and is also able to maintain the SURAT OU. He should only be able to log on to the SURAT ADC; he should not be able to log on to any other domain controller or server except his office's. He has administrative rights only for his branch office, not for all branches.

Kindly suggest how to configure this.
January 25th, 2010 10:29am
In order to install applications on a domain controller, the user must be a member of the Domain Admins group. But it isn't necessary to be a member of the Domain Admins group in order to manage OUs. You can simply delegate permission to the user and assign appropriate permissions.
January 25th, 2010 3:34pm
Hi,

Thank you for posting here.

In addition to Bakrade's suggestion, you can add his account to the "Local Security Policy (secpol.msc) - [Security Settings | Local Policies | User Rights Assignment | allow logon group]" group to grant logon access to the branch office DC.

To allow him to install applications on the DC as well as maintain the SURAT OU, you may consider using an RODC, which is designed as a branch office solution in Windows Server 2008.

For more information about RODC, you can refer to the link below:
AD DS: Read-Only Domain Controllers
http://technet.microsoft.com/en-us/library/cc732801(WS.10).aspx

Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights.
January 28th, 2010 11:03am