The reason is, this is the only account that allows logon without a Global Catalog Server. This was removed as the forest recovery white paper makes use of the default administrator account. This guide used to recommend disabling the account. Instead, you should secure the Administrator account in each domain in the forest as described in the following section and detailed in the step-by-step instructions that follow. To ensure that an Administrator account can be used to effect repairs in the event that no other accounts can be used, you should not change the default membership of the Administrator account in any domain in the forest. Use of a domain's Administrator account should be reserved only for initial build activities, and possibly, disaster-recovery scenarios. This account is by default a member of the Domain Admins and Administrators groups in the domain, and if the domain is the forest root domain, the account is also a member of the Enterprise Admins group. In each domain in Active Directory, an Administrator account is created as part of the creation of the domain. Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 Appendix D: Securing Built-in Administrator Accounts in Active Directory
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |