none
delegation of permissions to group

    Question

  • Hi Everyone,

    I have requirement where in I need to delegate the permission to group.

    For ex: I have group called Testgrp and helpdesk users are the members of the group.

    I want help desk users should be able to modify  "Member of" items, like add or remove from the member of list from user properties. However i want to restrict the helpdesk users to not modify group membership like users should not be able to add/remove user/groups to any group.

    Kindly Advice

    Thanks!!

    Monday, November 21, 2016 1:08 PM

All replies

  • Hi

     You should configure delegate permission with "Create Custom Task" ->Only the following objects in the folder -> then select "User Objects"-> select "Read and write group membership.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, November 21, 2016 7:41 PM
  • Hi,

    Are there any updates?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 23, 2016 1:01 PM
    Moderator
  • You can also have a look at solutions that have RBAC implemented: http://www.adaxes.com/active-directory_role-based-security.htm
    Thursday, November 24, 2016 11:44 AM
  • Right Click the security group, click on "Security" Tab in Advance select select "Read and write group membership"


    Thanks HA

    Thursday, November 24, 2016 4:13 PM
  • Hi Rasfa,

    Are there any updates?

    If the reply above has resolved your problem, please mark it as answer as it would be helpful to anyone who encounters the similar issue.

    Thank you.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 29, 2016 12:36 AM
    Moderator