When working with Active Directory, does anyone know why Restricted Groups within Group Policy cannot be used to add a group to the Builtin\Administrators group on a domain controller?
I am able to use Restricted Groups to replace all the groups and add the ones I want but I cannot use it to add a group to Builtin\Administrators on the domain controller.
No other policies are overwriting this.





