[Samba] AD User with Domain Admin
robert at marcanoonline.com
Thu Dec 3 19:33:08 UTC 2020
On 12/3/20 1:48 PM, Maurizio Caloro via samba wrote:
> AD 4.13.2 running, Joinet Debina 10 machine, if sign in with Domain Admin
> User to Debian, aim a normal User without any more rights
As it should be, the Windows concept of being a domain administrator
granting you administrator on all machines is by default bad. That is
why so many AD security recommendations tell Windows administrators to
have a normal user for daily usage and switch to the domain
administrator only when needed, a cheaper version of sudo.
You should add sudo rules to the members of that group or other more
specialized or add domain users to the wheel local group.
> I need to put the AD Admin User to Passwd Group? So that this will receive
> the Domain Admin Right on this Debian Server?
More information about the samba