So everyone knows what the AdminSDHolders does. Okey lets do a short version of that too.
The AdminSDHolder is what is that then.
Well windows has a few “protected” groups and users. If you are a member of one of these protected groups, Windows will do a few things every 60 minutes by default.
- Set the AdminCount property of a user to 1
- Disable inheritance on the user object
- Set the rights on the user objects to a reduced set
This is an extremely simplified version. For more information please read in the Technet article AdminSDHolder.
Users and groups that by default are managed by the AdminSDHolder
Name | Type |
---|---|
Administrator | User |
Account Operators | Group |
Administrators | Group |
Backup Operators | Group |
Cert Publishers | Group |
Domain Admins | Group |
Domain Controllers | Group |
Enterprise Admins | Group |
Krbtgt | User |
Print Operators | Group |
Read-only Domain Controllers | Group |
Replicator | User |
Schema Admins | Group |
Server Operators | Group |