Difference between domain admin account
Hi, can someone please explain to me the difference between the default domain administrator account and an account which is a member of the domain administrator groups? Is there any difference, or do they have the same privilege? Thanks
March 19th, 2011 10:55pm

The default domain administrator is a member of the following groups:
- Administrators
- Domain Admins
- Domain Users
- Enterprise Admins
- Group Policy Creator Owners
- Schema Admins

If you create a user named, say, "MrX" and you make him a member of the Domain Admins group, he will be a member of the following groups:
- Domain Admins
- Domain Users
(Here I assume that you have not given him membership of other groups.)

So, the difference is that the default domain administrator is also a member of the following groups:
- Administrators
- Enterprise Admins
- Group Policy Creator Owners
- Schema Admins

What these groups are:
- Schema Admins: designated administrators of the schema
- Enterprise Admins: designated administrators of the enterprise
- Group Policy Creator Owners: members of this group can modify group policy for the domain
- Administrators: administrators have complete and unrestricted access to the computer / domain

Remark: the Domain Admins and Enterprise Admins groups are members of the Administrators group (by default).

So, if your user is a member of the Domain Admins group only, he will be able to perform only administrative tasks on your domain. He will not, for example, be able to make changes to the AD schema.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, C
March 19th, 2011 11:07pm
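The comparison described in the answer above can be checked against a live domain. The script below is an added example, not part of the original posts: it assumes the RSAT ActiveDirectory module, a single-domain forest, and a hypothetical account named MrX (the name used in the answer) that has been added to Domain Admins.

```powershell
# Added example: compare the effective groups of the built-in Administrator
# with those of another Domain Admins member.
Import-Module ActiveDirectory

function Get-EffectiveGroupName {
    param([Parameter(Mandatory)] $User)

    # Direct memberships, including the primary group (normally Domain Users).
    $direct = Get-ADPrincipalGroupMembership -Identity $User

    # Escape characters that are special in an LDAP filter before embedding the DN.
    $dn = $User.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' `
                                  -replace '\)', '\29' -replace '\*', '\2a'

    # Transitive memberships: LDAP_MATCHING_RULE_IN_CHAIN follows group nesting,
    # so Administrators shows up for an account that is only in Domain Admins.
    $nested = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

    @($direct) + @($nested) |
        Select-Object -ExpandProperty Name |
        Sort-Object -Unique
}

$domain = Get-ADDomain

# The built-in Administrator always has RID 500, even if it has been renamed.
$builtin = Get-ADUser -Identity "$($domain.DomainSID.Value)-500"

# Hypothetical account name taken from the answer; replace with a real one.
$other = Get-ADUser -Identity 'MrX'

$builtinGroups = Get-EffectiveGroupName -User $builtin
$otherGroups   = Get-EffectiveGroupName -User $other

# '<=' : only the built-in Administrator, '=>' : only the other account, '==' : both.
Compare-Object -ReferenceObject $builtinGroups -DifferenceObject $otherGroups -IncludeEqual |
    Select-Object @{ Name = 'Group'; Expression = { $_.InputObject } },
                  @{ Name = 'HeldBy'; Expression = {
                        switch ($_.SideIndicator) {
                            '<=' { $builtin.SamAccountName }
                            '=>' { $other.SamAccountName }
                            '==' { 'both' }
                        }
                  } } |
    Sort-Object HeldBy, Group |
    Format-Table -AutoSize
```

Groups listed only for the built-in account are the extra privileges to review. Administrators appears under "both" because Domain Admins is nested in it by default.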

Domain Admins group: Members of this group have full control of the domain. By default, this group is a member of the Administrators group on all domain controllers, all domain workstations, and all domain member servers at the time they are joined to the domain. By default, the Administrator account is a member of this group. Because the group has full control in the domain, add users with caution.

Default Administrator account is a user account for the system administrator. This account is the first account created during operating system installation. The account cannot be deleted or locked out by default. It is a member of the Administrators group and cannot be removed from that group.

http://www.virmansec.com/blogs/skhairuddin
March 20th, 2011 2:41am

This topic is archived. No further replies will be accepted.
