Active Directory Delegation Control

aihaiai
aihaiai used Ask the Experts™
on
I've delegate control for one of my OU to one of my user. He/she can update only the phone related field. It works fine. I just want to know, if I forgot the user,

1. How do I check which user was delegated to which specific control.
2. How do I remove the user from the  delegation control

Thanks in advanced
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Right click on the OU in the Active Directory Users and Computers Snap-in, and select properties.  Look at the security tab, any specific user in there other than "administrator" and "authenticated users" and other predefined groups int here you would have had to input yourself.  To thoroughly check which controls they have, I'd go to the advanced tab, and over to the effective permissions, type in the users name there and check out what all rights they have.

This should get you everything you need/want to know.  Removing them from delegation should be as simple as highlighting their username in the Security tab, and hitting the remove button.

Hope this helps,
Erdrick33
If you don't see the Security tab when you go to the OU properties sheet, click on View-->Advanced Features within ADUC.
Role-based delegation of control in Adaxes (www.adaxes.com) also solves these problems. It fulfills centralized  security management workflow that is why you are able to view every user's role and every user's rights correspondingly.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial