none
How to Give Admin permission in user or OU

    Question

  • Hi to all....

    In My office am using Windows server 2008 standard edition,am configured every thing DNS,AD,DHCP,GPO via OU, 40 users in my office, i want to create one user with administrator rights(limited rights), Already i created one OU, OU name Local admin, but i d'ont know where am giving administrator Rights(limited rights) for that OU,one  colleague is working in My team,now both are using same Administrator log in,thats what i want to know about how to give administrator rights(limited rights)  in one user or OU,because when am off in office,My colleague is take care My office in personal log in,i don't like to Both using administrator log in,please any one tell me how to give administrator rights(limited rights)in one user or OU, purpose to install application file sharing,add client to Domain like this few rights only i want, then my query is  if any other option is there?  in GPO at user configuration...?  for install application ,IP change and few things
    Tuesday, April 30, 2013 8:54 AM

Answers

All replies

  • Hello Rajesh,
    open Active Directory Users & Computers => right click over OU => Delegate Control....

    References:

    Bye,
    Luca


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on "Vote As Helpful" & click on "Mark As Answer" if a post answers your question.

    • Edited by Luca Fabbri Tuesday, April 30, 2013 9:15 AM
    • Proposed as answer by Z1PTI3 Tuesday, April 30, 2013 9:29 PM
    Tuesday, April 30, 2013 9:10 AM
  • >>purpose to install application file sharing,add client to Domain like this few rights only i want, then my query is  if any other option is there?  in GPO at user configuration...?  for install application ,IP change and few things

    Please add your colleague's user ID in local administrators group on desired machines. You can use group policy (Using Restricted Groups) to automate that process. please refer the article mentioned below. 

    How To Use Restricted Groups?

    Also, if you would like to allow user to join workstations to domain

    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/1185fb93-913c-42e3-bcfc-dfbbba57a2bc/


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own.

    This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, April 30, 2013 9:14 AM
    Moderator
  • If you would like to delegate permissions on AD objects under an OU then you can simply use the Active Directory Delegation Wizard: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Active-Directory-Delegation-Administration.html

    You can also delegate permissions based on group membership. See these default groups: http://technet.microsoft.com/en-us/library/cc756898%28v=ws.10%29.aspx

    To delegate joining computers to an AD domain: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/1185fb93-913c-42e3-bcfc-dfbbba57a2bc/


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Get Active Directory User Last Logon

    Create an Active Directory test domain similar to the production one

    Management of test accounts in an Active Directory production domain - Part I

    Management of test accounts in an Active Directory production domain - Part II

    Management of test accounts in an Active Directory production domain - Part III

    Reset Active Directory user password

    Tuesday, April 30, 2013 3:57 PM
  • Hi Luca fabbri.....

                                    Thank you for your Reply...i did every thing following your advice...But where i give user  permission for  install application,client system ip manually changes in  network and sharing option,add client sys in domain.,

    Thursday, May 02, 2013 8:01 AM
  • Hello santhosh...

                                      Thank you for your advice santhosh... i configure Restricted Group and delegation account but still that user did not get administrator rights,unable to install software's in client sys,,unable to change ip address in client sys,unable to go cmmgmt whr am go asking administrator user name and Password...am very clear i did every thing correctly above ur gave links.....Restart the DC its mandatory or its take some times to update...santhosh....already i gave gpupdate /force cmd...help me..  

    Thursday, May 02, 2013 8:14 AM
  • Hello Rajesh,
    you can use AD Delegation in conjunction with Group Policy Object (GPO).

    Bye,
    Luca


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on "Vote As Helpful" & click on "Mark As Answer" if a post answers your question.

    Thursday, May 02, 2013 8:18 AM
  • Hello santhosh...

                                      Thank you for your advice santhosh... i configure Restricted Group and delegation account but still that user did not get administrator rights,unable to install software's in client sys,,unable to change ip address in client sys,unable to go cmmgmt whr am go asking administrator user name and Password...am very clear i did every thing correctly above ur gave links.....Restart the DC its mandatory or its take some times to update...santhosh....already i gave gpupdate /force cmd...help me..  

    It appears that, policy has not been configured properly.

    Can you please post a snapshot of gpmc settings specific to restricted groups ?


    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here, are my own.

    This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Blog | Wiki

    Thursday, May 02, 2013 8:50 AM
    Moderator