Name
delegation
Synopsis
Delegate administration over a domain, OU, or Site object to users or groups, and modify Active Directory permissions assigned through the Delegation of Control Wizard.
Procedures
The task of delegating authority over a domain or OU uses the Active Directory Users and Computers console, while delegating authority over a site uses the Active Directory Sites and Services console. In either case you may first need to connect to the domain or forest in order to administer it.
Delegate Authority over a Domain
| Active Directory Users and Computers → right-click on domain → Delegate Control → Next → Add → select users or groups → OK → Next |
At this point in the Delegation of Control Wizard, select the tasks you want to delegate to your designated users or groups. For example, you can delegate authority to:
Join a computer to the domain
Manage Group Policy links
Clicking Next then Finish ends the wizard.
Alternatively, you can select “Create a custom task to delegate,” which allows you to delegate control of the domain and all the objects it contains to your designated users or groups, or you can delegate control of specific types of objects within the folder to these users or groups. For example, you could delegate control of all Computer objects within the domain to a specific group. Depending on which type of object you select, you can specify different Active Directory permissions to be delegated over that object to your users or groups. The range and complexity of permissions ...
Get Windows 2000 Administration in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
