This was all done using Azure VMs.
machine: server-dc
Setup Windows 2012 R2 as a domain control with user 'testadmin'
Domain: DEV
Added a user 'domainadmin' and made a Member of all the same groups as testadmin (including Domain Admins)
machine: server-a
Setup Windows 2012 R2 with user 'localadmin'
Joined server-a to the domain
"DEV\Domain Admins" was automatically added to the local Administrators group
Login to server-a as "DEV\testadmin"
- full local admin rights (because is member of "DEV\Domain Admins" - correct?)
Login to server-a as "DEV\domainadmin"
- does NOT have local admin rights yet is a member of "DEV\Domain Admins"
Why does "DEV\domainadmin" not have the exact same local admin rights on server-a that "DEV\testadmin" does?
Thanks,
Mike