Delegation of Control allow a user to administrating a number of users in a OU Level in Active Directory. Although there is n number of options ,the most common one use for administrators are to do with users and groups.
we could give a user permissions to perform user administration of a particular OU rather than giving them access to perform administration for all users in the domain.
Demonstration:
we could give a user permissions to perform user administration of a particular OU rather than giving them access to perform administration for all users in the domain.
Demonstration:
- To use the delegation wizard, first open Active Directory Users and Computers. Right click the OU you want to perform delegation on and select the option Delegate Control.
- In the wizard select the users that you want to administration to be delegated to. It is recommended to create a group as if you want to remove or add additional users later it is a simple matter of changing the members in the group.
- When asked in the wizard, choose which tasks to want to delegate to that user or users when prompted.
- If you open the properties for the OU and select the security tab, you can see the permissions that have been assigned to the OU.
The delegation wizard effectively changes the permissions on the OU. The administrator could have change the permissions in the OU manually. If they want to reverse the changes done by the wizard modify the permissions for the OU and remove any permissions assigned by the delegation wizard.
No comments:
Post a Comment