Sunday, 26 June 2016

List of default users and Security Group of Domain Controller.

This details are very essential for System administrator, Be having knowledge of this groups you can manage server infrastructure to ensure server level security and rights management.

Administrators - Built-in account for administering the computer/domain Controllers.

RODC Password Replication Group - Members in this group can have their passwords replicated to all read-only domain controllers in the domain.

Cert Publishers - Members of this group are permitted to publish certificates to the Active directory in forest as well as domain level.

Denied RODC Password Replication Group - Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain.

Dns Admins – Members of this group have Administrator access to DNS server service.

Dns Update proxy – Member of this group are DNS clients who are permitted to perform dynamic updates on behalf of some other clients.

 Domain Admin – User accounts who is Member of this group are domain Administrators. But they can’t work on forest level. So only in a Particular Domain they have full control to administrator.

Domain Computers – By Default any Server or workstations or computers joined to domain becomes member of this group.

Domain Controllers – List of all domain controller you can find in this group.

Domain Guest – List of Domain Guest.

Domain users – Any users created in Domain becomes member of this group by default. This group represent all users in Domain.

Enterprise Admins – Members of this group have full access to all domains in forest. This group is a member of all domain controllers administrator group by default. We can say them Super Admins group.

Enterprise Read-only Domain Controllers - Members of this group are Read-Only Domain Controllers in the enterprise or read only Forest Level Domain controllers.

Group Policy Creator Owners - Members in this group can modify group policy for the domain. So we can add users to allow them to modify Group Policy for domain.

RAS and IAS Servers - Servers in this group can access remote access properties of users.

Read-only Domain Controllers - Members of this group are Read-Only Domain Controllers in the domain. Workstation and server add to this group becomes Read only Domain Controllers.

Schema Admins - Designated administrators of the schema, So members of this group can modify Active Directory Schema.

Below if the reference screenshot where you can see all the default users created in Active Directory.

No comments:

Post a comment