Using OUs to Delegate Administration
As previously mentioned, one of the most important reasons for creating an OU structure in AD DS is for the purpose of delegating administration to a separate administrator or administrative group. AD DS allows for this level of administrative granularity in a single domain. This concept is further illustrated in this section.
A group of users can be easily granted specific levels of administrative access to a subset of users. For example, a remote IT group can be granted standard user creation/deletion/ password-change privileges to its own OU. The process of delegating this type of access is quite simple and involves the following steps:
1. In Active Directory Users and Computers, right-click the OU where ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
