-6

I just got a summer job in a camp. Among other things, I'm supposed to be able to create domain users, join computers to the domain, create a file share, backups, etc. For reasons unknown to me, they refuse to give me a domain administrator account. Instead, they've given me a regular account and manually added the permissions that I need for (some) of the things I need to.

The problem is, that as I start doing my work, I find that I haven't got the permissions that I need. Each time I come across this, I must go to someone who has an administrator account (the same person, if it makes a difference), and have him give me that permission that I need. This is rather frustrating, so I would to be able to see what permissions I have already, so I can know ahead of time what to go to him for, instead of starting work (or worse, make a bunch of changes and then have it all fail due to lack of permissions) and then having to stop to get permissions to continue.

I tried going in Active Directory Users and Computers, and looking at my user properties, however that only lets me see which group I am part of, not the permissions that i have, most of which weren't granted though adding me to a group. Is there any way to get this information for my own domain user account, or does that require administrator privileges?

Ploni
  • 103
  • 6
  • Commentless downvote? – Ploni Jun 19 '17 at 20:58
  • Downvotes without comment can be assumed to be for one of the reasons listed in the downvote arrow hover text. – EEAA Jun 19 '17 at 21:37
  • By philosophy and design votes are anonymous and **neither voting [up](//$SITEURL/help/privileges/vote-up) nor voting [down](//$SITEURL/help/privileges/vote-down) requires any mandatory explanation**. The tooltip that appears when your mouse pointer hoovers over the down button states: *"this question does not show any research effort; it is unclear or not useful"*. Also questions can attract a down vote when not [well written](http://meta.serverfault.com/a/3609/37681), not quite [on-topic](http://serverfault.com/help/on-topic) or missing details. – Jenny D Jun 20 '17 at 04:26
  • I think your question is okay and it doesn't deserve the downs. Don't let the downs to pour cold water on you. You can quickly reclaim the lost reputation by writing some answers. – peterh Jun 20 '17 at 05:12

1 Answers1

5

In Active Directory you specify users and to to which groups they belong. These groups can be anything. The permissions related to a group can be defined anywhere outside of AD, so there is no overview of 'permissions' in AD. For instance, on a particular server you can view your file access permissions on that server. These permissions are not visible on the AD.

If you are not getting the proper permissions to do your task, you should go to the person that gave you the permissions and explain that you are getting a 'permission denied' error. After they fix this, you can continue and try again. Apparently they do not feel comfortable to give you full admin access rights and do not know what minimal rights are required for you to do your job. So you are currently in a trial and error process. The fastest way to get through that is reporting errors as soon as they arise.

anneb
  • 206
  • 1
  • 8