Group and user permissions - restricting access on a granular level.


Here's my situation:  I have a Helpdesk employee that I want to be able to create users in a particular OU and also create the same user in a particular Group.  I don't want him to have access to change/modify any other groups or any other OUs.

In addition, I'd really prefer that he only has the ability to add a user to the group and change the password.  I don't want him to be able to delete users from the group or OU.

Is there a way to do this without using a script of any sort?

This scenario is on a Windows 2003 Server/AD environment.

What you want to do is right click on the OU and delegate control. There are many settings that you can configure here for a specific OU.

Hope this helps. Always check your settings in a testing env. before putting them into production.
Question has a verified solution.
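
The delegation described in the answer can also be written and reviewed from the command line with `dsacls` (Windows Server 2003 Support Tools), which makes the resulting permissions easy to audit. This is an added example, not part of the original answer; the domain, OU, group and account names are constructed placeholders.

```batch
@echo off
rem Added example. All names below are constructed placeholders.
set OU=OU=Staff,DC=example,DC=local
set GRP=CN=Staff-Users,OU=Groups,DC=example,DC=local
set WHO=EXAMPLE\helpdesk1

rem 1. Allow creating user objects in this OU and its sub-containers.
rem    CC = create child; DC (delete child) is not granted, so no deletes.
dsacls "%OU%" /I:T /G "%WHO%:CC;user"

rem 2. Allow resetting passwords on user objects below the OU.
rem    CA = control access (extended right), inherited to user objects only.
dsacls "%OU%" /I:S /G "%WHO%:CA;Reset Password;user"

rem 3. Allow setting "user must change password at next logon"
rem    (write access to the pwdLastSet attribute of those users).
dsacls "%OU%" /I:S /G "%WHO%:WP;pwdLastSet;user"

rem 4. Allow writing the member attribute of this one group only.
rem    Write access to "member" covers both adding and removing members;
rem    the attribute has no separate add-only permission.
dsacls "%GRP%" /G "%WHO%:WP;member"

rem 5. Review what was granted: list the ACEs that name the helpdesk account.
dsacls "%OU%"  | findstr /I "helpdesk1"
dsacls "%GRP%" | findstr /I "helpdesk1"
```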
