Last post Apr 13, 2009 05:50 PM by johram
Apr 09, 2009 12:07 AM|goosed
Hey all, I'm wanting to delegate some basic AD functions to my Helpdesk users. What would be the best way to go about doing this? I've messed with delegating control in the past and never had much luck. Is there a better/easier way of doing this?
Basically I want to configure a small group of users to have access to unlock/reset passwords. Any help would be appreciated. Thanks.
Apr 13, 2009 05:50 PM|johram
Delegation of control was originally invented for this kind of issue. Can it be simpler? :)
Preferably, you put the helpdesk users in a group. Using Active Directory Users & Computers, you right-click the OU on which you want to assign this right and choose Delegate control.
The only problem as I see it is that it is not easy to get an overview of how the delegation is set up. It may become messy if you have complex relations. Given a user, you can't trace it backwards and see *where* this user has control - at least not by using a native tool.
But the other way around is possible, if you check the Security tab in the properties screen for an OU. There you will see which users/groups do have rights to modify things in this OU.
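The reverse lookup discussed in the reply above (given a group, list the OUs where it holds delegated rights) can be scripted as a read-only audit. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module is installed, uses the placeholder group name `CONTOSO\Helpdesk`, and only matches ACEs granted directly to that identity, not rights obtained through nested group membership.

```powershell
# Added example: read-only audit of explicit (non-inherited) ACEs per OU.
# Assumptions: ActiveDirectory module (RSAT); 'CONTOSO\Helpdesk' is a placeholder.
Import-Module ActiveDirectory

function Get-OuDelegation {
    param(
        [Parameter(Mandatory)] [string] $Identity,   # e.g. 'CONTOSO\Helpdesk'
        [string] $SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Schema/rights GUIDs relevant to password reset and account unlock.
    $known = @{
        '00000000-0000-0000-0000-000000000000' = '(all)'
        '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (extended right)'
        '28630ebf-41d5-11d1-a9c1-0000f80367c1' = 'lockoutTime (attribute)'
        'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user (class)'
    }
    # Translate a GUID to a friendly name when it is one of the above.
    $resolve = {
        param($guid)
        $g = $guid.ToString()
        if ($known.ContainsKey($g)) { $known[$g] } else { $g }
    }

    Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase | ForEach-Object {
        $ou = $_.DistinguishedName
        (Get-Acl -Path "AD:\$ou").Access |
            Where-Object {
                # Explicit ACEs only: these are the points where delegation was set.
                $_.IdentityReference.Value -eq $Identity -and -not $_.IsInherited
            } |
            ForEach-Object {
                [pscustomobject]@{
                    OU          = $ou
                    AccessType  = $_.AccessControlType
                    Rights      = $_.ActiveDirectoryRights
                    Target      = & $resolve $_.ObjectType           # right or attribute
                    AppliesTo   = & $resolve $_.InheritedObjectType  # descendant class
                    Inheritance = $_.InheritanceType
                }
            }
    }
}

# Usage: one row per delegated permission, grouped by OU.
Get-OuDelegation -Identity 'CONTOSO\Helpdesk' | Sort-Object OU | Format-Table -AutoSize
```

Rows whose Target is neither the Reset Password right nor `lockoutTime`, or whose Rights include `GenericAll` or `WriteDacl`, indicate the group holds more than the unlock/reset scope asked about in the question.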