[unisog] Those with Active Directory...Domain Admin question for you

Alex Tirdil AJTIRDIL at salisbury.edu
Thu Dec 8 13:39:42 GMT 2005


Hey everyone,

This has recently become a hot topic on my campus and I would
appreciate any feedback anyone has.

There are a few people on my campus that have Domain Administrator
privledges for Active Directory.  These people are supposed to have it,
they have been trained on how to be a responsible Domain Administrator,
and they have a valid reason for being one (upper level desktop support
and server team members)

However recently an issue has cropped up which has caused some debate
internally.  An upper level management figure (cant really go into more
detail than that) has requested and recently acquired Domain
Administrator privledges.  This person has not been trained on how to be
a responsible Domain Administrator and they have no need to be one.  The
person wanted the pivledges because it was the "latest and greatest"
thing to have.

The issue is that the current trained Domain Admins know this shouldnt
happen, but they are at a loss on how to approach the issue.  How can
you approach upper management and basically tell them they should not
have the privledges they do?

Anyone have any ideas?  One that has popped up in my head is the fact
that we are currently being audited and maybe sending the auditor an
email to "verify who the domain administrators are" which might solve
the issue...but this is all very sneaky.  We would like to see the
situation defused as calmly as possible.

Any feedback would be appreciated, thank you in advance.

-alex


More information about the unisog mailing list