Delegating Administration
In Active Directory, you can delegate administrative duties to particular users or groups. Delegating administrative control occurs at the organizational unit level. Of course, determining and creating organizational units should follow the structure of your organization.
By delegating administration, you eliminate the need for separate administrative accounts that may have authority over the entire domain. This allows you to limit control to specific areas of the directory for a small number of administrators.
Some organizations have separate teams responsible for administering different services. For example, a company may have a Windows 2000 team that is responsible for administering Active Directory and a network team responsible for administering network services such as DNS and DHCP. Because of their limited responsibilities, you would not want to add the network team to the Enterprise Administrators group. By delegating administration of DHCP servers to the network team, you avoid giving unnecessary rights.
To delegate the ability to authorize DHCP servers to a non-Enterprise Administrator, follow these steps:
Open Active Directory Sites and Services. You must be an Enterprise Administrator to do this.
From the View menu, select Show Services Node.
In the Sites and Services console’s tree pane, select NetServices
Select the Action pull-down menu and select Delegate Control. This starts the Delegate Control Wizard.
Click Next, the click Add to display the ...
Get DHCP for Windows 2000 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
