17.9. Delegating Control of Managing an Application Partition

Problem

You want to delegate control over the management of an application partition.

Solution

Using a graphical user interface

  1. Open ADSI Edit.

  2. If the Configuration naming context of the forest that contains the application partition is not already present in the left pane, connect to it.

  3. Expand the Configuration naming context and click on the Partitions container.

  4. In the right pane, right-click on the crossRef object that represents the application partition and select Properties.

  5. Click the Security tab.

  6. Click the Advanced button.

  7. Click the Add button.

  8. Use the object picker to find the user or group you want to delegate control to and click OK.

  9. Click the Properties tab.

  10. Under Allow, check the boxes beside Write msDS-NC-Replica-Locations, Write msDS-SDReferenceDomain, Write msDS-Replication-Notify-First-DSA-Delay, and Write msDS-Replication-Notify-Subsequent-DSA-Delay.

  11. Click OK.

Using a command-line interface

> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-NC-Replica-Locations
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-SDReferenceDomain
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-First-DSA-Delay
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-Subsequent-DSA-Delay

Using VBScript

' This script delegates control over the four key attributes
' of an app partition to the specified user or group.
' ------ SCRIPT CONFIGURATION ------
...
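To confirm the delegation took effect, or to review who already holds it, the following PowerShell script lists the Allow ACEs on the crossRef object that grant Write Property on the four attributes. It is an added example, not code from the book; it assumes a domain-joined Windows host with read access to the directory, and `$CrossRefDN` is a placeholder parameter.

```powershell
# Added example (not from the book): list who can write the four delegated
# attributes on an application partition's crossRef object.
# Assumption: $CrossRefDN is a placeholder for the real crossRef DN.
param([Parameter(Mandatory)][string]$CrossRefDN)

$attrs = 'msDS-NC-Replica-Locations', 'msDS-SDReferenceDomain',
         'msDS-Replication-Notify-First-DSA-Delay',
         'msDS-Replication-Notify-Subsequent-DSA-Delay'

# Property-specific ACEs name the attribute by its schemaIDGUID (ObjectType),
# so resolve each lDAPDisplayName to that GUID in the schema partition.
$rootDse    = [ADSI]'LDAP://RootDSE'
$schemaNC   = [string]$rootDse.schemaNamingContext
$schemaRoot = [ADSI]"LDAP://$schemaNC"
$guidToName = @{}
foreach ($a in $attrs) {
    $filter   = "(&(objectClass=attributeSchema)(lDAPDisplayName=$a))"
    $searcher = [System.DirectoryServices.DirectorySearcher]::new($schemaRoot, $filter)
    [void]$searcher.PropertiesToLoad.Add('schemaIDGUID')
    $hit = $searcher.FindOne()
    if ($hit) {
        $guid = [Guid][byte[]]$hit.Properties['schemaidguid'][0]
        $guidToName[$guid] = $a
    } else {
        Write-Warning "Attribute $a not found in schema"
    }
}

$entry = [ADSI]"LDAP://$CrossRefDN"
$rules = $entry.psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])
$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

foreach ($r in $rules) {
    if ($r.AccessControlType -ne 'Allow') { continue }
    if (($r.ActiveDirectoryRights -band $write) -ne $write) { continue }
    # An empty ObjectType means the ACE covers every property, not just one.
    if ($r.ObjectType -eq [Guid]::Empty) { $scope = '(all properties)' }
    elseif ($guidToName.ContainsKey($r.ObjectType)) { $scope = $guidToName[$r.ObjectType] }
    else { continue }   # other attribute or property set; not resolved here
    [pscustomobject]@{
        Trustee   = $r.IdentityReference.Value
        Attribute = $scope
        Rights    = $r.ActiveDirectoryRights
        Inherited = $r.IsInherited
    }
}
```

Rows marked `(all properties)` come from broader grants such as Full Control, which also permit writing these attributes even though no attribute-specific ACE exists.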
