[Samba] AD User with Domain Admin

Robert Marcano robert at marcanoonline.com
Thu Dec 3 19:33:08 UTC 2020

On 12/3/20 1:48 PM, Maurizio Caloro via samba wrote:
> Hello
> AD 4.13.2 running, Joinet Debina 10 machine, if sign in with Domain Admin
> User to Debian, aim a normal User without any more rights

As it should be, the Windows concept of being a domain administrator 
granting you administrator on all machines is by default bad. That is 
why so many AD security recommendations tell Windows administrators to 
have a normal user for daily usage and switch to the domain 
administrator only when needed, a cheaper version of sudo.

You should add sudo rules to the members of that group or other more 
specialized or add domain users to the wheel local group.

> I need to put the AD Admin User to Passwd Group? So that this will receive
> the Domain Admin Right on this Debian Server?
> Thanks

More information about the samba mailing list