

Active Directory Delegation Best Practices

This blog post will cover both of these options. More experienced administrators or those who are familiar with scripting may choose to apply and review delegated permissions with PowerShell, but we won’t be covering that in this blog.

The Active Directory Delegation wizard is an easy-to-use UI for granting permissions to a user or group to perform a certain task. Let’s walk through the steps we would take as an administrator who needs to enable the ‘Help Desk’ group to service password resets for all users in a specific OU.

1. Launch the wizard by right-clicking an OU or container and selecting ‘Delegate Control…’. The Active Directory Delegation of Control wizard will open.

2. The first step in the wizard is to choose the users or groups we want to grant permissions to.

3. Next, we specify which tasks these objects should be able to perform. We can pick from a list of common tasks or create a custom task to delegate. For this example, we’ll stick with the scenario we mentioned, resetting users’ passwords.

4. Finally, you need to confirm your selection by clicking Finish. As you can see, we’ve granted the ‘Help Desk’ group the right to ‘Reset user passwords and force password change at next logon’ to all descendant users of the ‘SB Test Area’ OU.

To confirm the permissions we specified in the delegation wizard were applied correctly, we will check the Security tab of the ‘SB Test Area’ OU.

1. To view the Security tab on an object, you need to enable Advanced Features in ADUC by choosing ‘Advanced Features’ from the View dropdown menu.

2. Next, right-click the SB Test Area OU and select ‘Properties’, then go to the Security tab.

3. This tab shows us the Access Control List (ACL) for the SB Test Area object, which comprises Access Control Entries (ACEs).
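The ACL review described in this post can also be done from PowerShell. The script below is an added example, not part of the original post: it lists the explicit ACEs held by the delegated group on the OU and flags any that fall outside the password-reset task. The domain DN and the `EXAMPLE\Help Desk` name are placeholders, and the set of "expected" ACEs is an assumption about what the wizard task writes, so compare it against the Security tab in your own environment.

```powershell
# Added example, not from the original post. The DN and group name are placeholders.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

$OuDn     = 'OU=SB Test Area,DC=example,DC=com'   # placeholder domain components
$Delegate = 'EXAMPLE\Help Desk'                   # placeholder NetBIOS domain name

# Well-known schema and extended-right GUIDs.
$ResetPassword = '00299570-246d-11d0-a768-00aa006e0529'   # Reset Password extended right
$PwdLastSet    = 'bf967a0a-0de6-11d0-a285-00aa003049e2'   # pwdLastSet attribute
$UserClass     = 'bf967aba-0de6-11d0-a285-00aa003049e2'   # user object class
$Names = @{ $ResetPassword = 'Reset Password'; $PwdLastSet = 'pwdLastSet'; $UserClass = 'user' }

function Resolve-GuidName([guid]$Guid) {
    # Translate a GUID from an ACE into a readable name when we know it.
    $key = $Guid.ToString()
    if ($Names.ContainsKey($key)) { $Names[$key] } else { $key }
}

# Explicit (non-inherited) ACEs on the OU whose trustee is the delegated group.
$aces = (Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Delegate -and -not $_.IsInherited }

$report = foreach ($ace in $aces) {
    # Assumption: the delegated task should only produce Allow ACEs scoped to
    # descendant user objects, for the Reset Password right or pwdLastSet.
    $expected = $ace.AccessControlType -eq 'Allow' -and
                $ace.InheritedObjectType.ToString() -eq $UserClass -and
                $ace.ObjectType.ToString() -in @($ResetPassword, $PwdLastSet)
    [pscustomobject]@{
        Trustee     = $ace.IdentityReference.Value
        Type        = $ace.AccessControlType
        Rights      = $ace.ActiveDirectoryRights
        AppliesTo   = Resolve-GuidName $ace.ObjectType
        InheritedBy = Resolve-GuidName $ace.InheritedObjectType
        Inheritance = $ace.InheritanceType
        Expected    = $expected
    }
}
$report | Format-Table -AutoSize

# Anything not matching the password-reset pattern deserves a closer look.
$unexpected = @($report | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) ACE(s) for $Delegate go beyond the password-reset delegation."
}
```

Run it from a host with the RSAT Active Directory module installed, under an account that can read the OU's security descriptor.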
