I have added my SLES 11 SP3 system to our domain with the following configuration after running "yast2 samba-client"

[x] Also Use SMB Information for Linux Authentication
[x] Create Home Directory on Login
[x] Offline Authentication
[ ] Single Sign-On for SSH

I then edited the /etc/security/pam_winbind.conf file and added an the Active Directory group (TestGroup1). I have restricted logging in successfully and now only members of TestGroup1 and root are able to SSH to the box.

However, I am now unsure of the best way to give and/or manage administrative rights for the AD group. I dont want to give this group "god" rights, but do want the members to be able to administer the database/application they will be managing. Please advise.