I just got a summer job in a camp. Among other things, I’m supposed to be able to create domain users, join computers to the domain, create a file share, backups, etc. For reasons unknown to me, they refuse to give me a domain administrator account. Instead, they’ve given me a regular account and manually added the permissions that I need for (some) of the things I need to.
The problem is, that as I start doing my work, I find that I haven’t got the permissions that I need. Each time I come across this, I must go to someone who has an administrator account (the same person, if it makes a difference), and have him give me that permission that I need. This is rather frustrating, so I would to be able to see what permissions I have already, so I can know ahead of time what to go to him for, instead of starting work (or worse, make a bunch of changes and then have it all fail due to lack of permissions) and then having to stop to get permissions to continue.
I tried going in Active Directory Users and Computers, and looking at my user properties, however that only lets me see which group I am part of, not the permissions that i have, most of which weren’t granted though adding me to a group. Is there any way to get this information for my own domain user account, or does that require administrator privileges?
Answer
In Active Directory you specify users and to to which groups they belong. These groups can be anything. The permissions related to a group can be defined anywhere outside of AD, so there is no overview of ‘permissions’ in AD. For instance, on a particular server you can view your file access permissions on that server. These permissions are not visible on the AD.
If you are not getting the proper permissions to do your task, you should go to the person that gave you the permissions and explain that you are getting a ‘permission denied’ error. After they fix this, you can continue and try again. Apparently they do not feel comfortable to give you full admin access rights and do not know what minimal rights are required for you to do your job. So you are currently in a trial and error process. The fastest way to get through that is reporting errors as soon as they arise.
Attribution
Source : Link , Question Author : Ploni , Answer Author : anneb
