locked
Delegate permissions in Active Directory RRS feed

  • Question

  • Hello All,
    I have a temporary technician that comes once in a while to do work for us.I want to delegate the following permissions to do the day to day support tasks:-

    1)Reset Users password

    2)Unlock the User Accounts

    3)join computers into our domain and remove the computers from our domain

    All our User are kept under a "OU=Staff" and All our Computer accounts are kept under "OU=Computers" 

    I don't want to give any other unnecessary permissions to this technician on other OU's, My Domain Controller is windows 2008.

    Can you please help me how to do this task.

    Regards,


    Wednesday, March 25, 2015 8:39 AM

Answers

  • You see the Wiki I started here for the permissions delegation in AD: http://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx

    To delegate unlocking user accounts: http://windowsitpro.com/security/q-how-can-i-delegate-right-unlock-locked-active-directory-ad-user-accounts

    To delegate the reset of users password: http://community.spiceworks.com/how_to/1464-how-to-delegate-password-reset-permissions-for-your-it-staff

    To delegate joining computers to a domain: https://robiulislam.wordpress.com/2012/02/07/delegate-non-admin-account-to-add-workstations-to-domain/

    To delegate removing computers from a domain: http://sigkillit.com/2013/06/12/delegate-adddelete-computer-objects-in-ad/

    In case you would like also delegating moving AD objects then here you go: http://social.technet.microsoft.com/wiki/contents/articles/20747.delegate-moving-user-group-and-computer-accounts-between-organizational-units-in-active-directory.aspx


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    • Proposed as answer by Mahdi Tehrani Wednesday, March 25, 2015 9:37 AM
    • Marked as answer by smpvm Thursday, March 26, 2015 12:11 PM
    Wednesday, March 25, 2015 9:06 AM