locked
Security Permission of an AD Group RRS feed

  • Question

  • Please advise how is possible to assign security permission for a Service Account to be able to modify a Security Group? This is only for a single AD group.


    • Edited by Jasho08 Monday, November 9, 2015 3:37 PM
    Monday, November 9, 2015 2:00 PM

Answers

  • You can always just make the Service Account the 'Manager' of the group and check the box that says modify membership.  I tend to make a security group that will contain users able to modify membership of a group and make the group a 'Manager' of the group.

    If you want more than that, the delegation wizard is the place to go as stated above.

    • Proposed as answer by Richard MuellerMVP Monday, November 9, 2015 5:33 PM
    • Marked as answer by Mary Dong Friday, November 20, 2015 5:23 AM
    Monday, November 9, 2015 2:24 PM
  • If you don't want to go the manager route, you will need to open the security tab of the group object and assign 'Read/Write Members' to the service account.
    • Marked as answer by Mary Dong Friday, November 20, 2015 5:24 AM
    Monday, November 9, 2015 3:46 PM

All replies

  • Hi

     You can configure delegate permissiosn for this "Service account" on OU where this security group in.

    Check for details

    http://kpytko.pl/active-directory-domain-services/active-directory-rights-delegation-part-2/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, November 9, 2015 2:08 PM
  • You can always just make the Service Account the 'Manager' of the group and check the box that says modify membership.  I tend to make a security group that will contain users able to modify membership of a group and make the group a 'Manager' of the group.

    If you want more than that, the delegation wizard is the place to go as stated above.

    • Proposed as answer by Richard MuellerMVP Monday, November 9, 2015 5:33 PM
    • Marked as answer by Mary Dong Friday, November 20, 2015 5:23 AM
    Monday, November 9, 2015 2:24 PM
  • This would allow access to all groups in the OU. I would like to assign it only one group

    Monday, November 9, 2015 3:34 PM
  • If you don't want to go the manager route, you will need to open the security tab of the group object and assign 'Read/Write Members' to the service account.
    • Marked as answer by Mary Dong Friday, November 20, 2015 5:24 AM
    Monday, November 9, 2015 3:46 PM