locked
Delegation of security permissions RRS feed

  • Question

  • Hi

    Need to know, if we have to delegate the below two permissions indivisually what needs to be delegated on an OU

    1- Reset  Computer Account

    2- Enable & Disable  Computer Account


    Regards Sushain KApoor


    Thursday, September 10, 2015 10:03 AM

Answers

  • Hi Sushain,

    • Select Create a custom task to delegate and hit Next 
    • select Computer objects, select Create selected objects in this folder and  hit Next 
    • Select Property-specific and select required Properties.

    More info:

    https://morgansimonsen.wordpress.com/2013/12/17/delegating-computer-object-management-tasks/


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    • Proposed as answer by Mary Dong Friday, September 11, 2015 6:10 AM
    • Marked as answer by Sushain_Kapoor Friday, September 11, 2015 8:55 AM
    Thursday, September 10, 2015 2:32 PM

All replies

  • If I understood you correctly, you need to go through the delegation wizard in ADUC and apply those permissions individually to wherever you need. Here is an article about it http://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx

    As a more advanced option, it can be achieved using Role-Based Delegation System (http://www.adaxes.com/active-directory_delegation). You just need to create two separate roles: one with reset computer account permission and another one with enable and disable computer account permissions and just add users/groups to activity scope.


    • Edited by kuingul Thursday, September 10, 2015 10:58 AM
    Thursday, September 10, 2015 10:57 AM
  • Yes, you understood the issue correct.

    But what needs to be applied for the two seperately . i am in need of that information.


    Regards Sushain KApoor

    Thursday, September 10, 2015 1:40 PM
  • Hi Sushain,

    • Select Create a custom task to delegate and hit Next 
    • select Computer objects, select Create selected objects in this folder and  hit Next 
    • Select Property-specific and select required Properties.

    More info:

    https://morgansimonsen.wordpress.com/2013/12/17/delegating-computer-object-management-tasks/


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    • Proposed as answer by Mary Dong Friday, September 11, 2015 6:10 AM
    • Marked as answer by Sushain_Kapoor Friday, September 11, 2015 8:55 AM
    Thursday, September 10, 2015 2:32 PM