Delegating Authority

Delegating Control to Other Users

Obviously, administering an entire forest of domains can be a rather daunting task. You can assign various users the role of junior administrator by adding them to various administrative groups, but this practice may backfire in that you give up a certain level of security. The best way is to delegate certain tasks to a select number of users so as to lower the burden on you, while not giving your users too much administrative power. You can delegate control over the following objects in Active Directory:

  • Sites

  • Domains

  • Organizational Units (OU)

The following tutorial outlines the process of giving the user Mac N. Tosh (macn) the authority to create and manage users and groups in the North Wing (Accounting OU) in the guinea.pig domain.

Tutorial: Using the Delegation of Control Wizard

  1. Open Active Directory Users and Computers on DC01.

  2. Expand the North Wing OU under the guinea.pig icon.

  3. Inside the North Wing OU, right-click the Groups OU and choose Delegate Control . Hit Next .

  4. We are asked to add the users to which we wish to delegate control. Click Add and enter the name of the user to be delegated control. For this example, we use macn . Click OK and click Next .

  5. Make sure that Delegate the following common tasks is selected. Place checks in the boxes labeled:

    • Create, delete, and manage user accounts

    • Reset user passwords and force password change

    • Create, delete, and manage groups

    • Modify the membership of a group

  6. Click Next and Finish .

Mac N. Tosh is now able to add users/groups and modify their Properties. He is not allowed, however, to perform other tasks such as add new child domains, run RSoP simulations, or other higher-level tasks reserved for administrators.

Active Directory By The Numbers. Windows Server 2003
Active Directory By the Numbers: Windows Server 2003
ISBN: 0974759309
EAN: 2147483647
Year: 2003
Pages: 88
Authors: Marc Hoffman © 2008-2017.
If you may any questions please contact us: