Delegate Control of Active Directory

I'd like to take control of Active Directory. If I set an OU with a delegate control, do I have to include my account with Full Control first. Or do I just go ahead and delegate control to my coworkers with rights to unlock account, change password, etc.?

In addition, how do you go about securing your Active Directory at work? I'm sure there are some irresponsible network people in your dept.! Speaking from current work nightmare!!!!
ch12345Asked:
Who is Participating?
 
mikecrCommented:
Below is some informative information on delegation. I would suggest creating Task Pads that allow the user to only do what you have delegated in the Task Pad and won't give them complete access to AD like using the admin tools.

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q235531

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q315676

http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q294952
0
 
Joel MillerDevOps EngineerCommented:
I think mikecr has a good idea here. You should read up a bit on taskpads and create some for other people in the department and put them in user mode. Do this after delating control and setting up User rights and you should be fine.
0
 
ch12345Author Commented:
I've read those pages you suggested. I will look further into Taskpad. Thanks.
0
 
mikecrCommented:
I'm glad I could help. If you have any other questions, please let us know.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.