(AWS managed) AD - give local admin rights to domain users

Note: This post is part of a series (Part 4):

• Part 1: AWS managed AD - first steps after creation
• Part 2: AWS managed AD - add user RDP permissions
• Part 3: Standard AD - auto-map a network drive

Situation: You have a bunch of systems in an (AWS managed) AD, and you want to give AD users local admin rights.

Problem: You don’t know how.

Solution: This post or this very nice video, or both.

• Basically there are two ways.
  • One, you have an AWS managed AD, then you get …
    • the easy way: just add the relevant users to the “ AWS Delegated Server Administrators” group
  • Two, you don’t want to use the AWS groups or have a standard AD, then …
    • stick to the video.

Hint: It’s easiest if you perform thost actions as the DOMAIN\Admin user, so you don’t have to enter that user’s password all the time.