14.5. Using the Delegation of Control Wizard

Problem

You want to delegate control over objects in Active Directory to a user or group.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers or Active Directory Sites and Services snap-in depending on the type of object you want to delegate.

  2. In the left pane, browse to the object you want to delegate control on.

  3. Right-click on the object and select Delegate Control. Only certain objects support the Delegation of Control Wizard, so this option will not show up for every type of object.

  4. Click Next.

  5. Click the Add button and use the Object Picker to select the users or groups you want to delegate control to.

  6. Click Next.

  7. If the task you want to delegate is an option under Delegate the following common tasks, check it and click Next. If the task is not present, select Create a custom task to delegate and click Next. If you selected the latter option, you will need to go perform two additional steps:

    1. Select the object type you want to delegate.

    2. Click Next.

    3. Select the permissions you want to delegate.

    4. Click Next.

  8. Click Finish.

Discussion

The Delegation of Control Wizard is Microsoft’s attempt to ease the pain of trying to set permissions for common tasks. Because Active Directory permissions are so granular, they can also be cumbersome to configure. The Delegation of Control Wizard helps in this regard, but it is limited. The default tasks that can be delegated are fairly minimal, although you can add more tasks as described ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.