• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

How to grand user right to add or remove user in AD?

Is there a add on I can use to allow regular user to create user account in Active Directory? I don't want to put the user in domian admin group but she needs to have the ability of creating new users. Any suggestion would be helpful!

  • 2
1 Solution
Here is a web-page with some information for delegating authority.

if you want to do this for the domain then open up Active Directory users and Computers, right click and select Delegate Control. This will launce the Delegation of control wizard and you canuse this to delegate the necessary permissions to the user (really you should put the user in a group and then delegate to the group  - this will make it much easier to add other users and/or revoke the delegation in the future.

Once that has been done then, assuming that you want the other user to be able to create accounts without logging on to the domain controller you can add the administrative tools to the users PC.

Log on to the users PC and connect to \\servername\%systemroot%\System32
Find and run AdminPak.msi and install the tools. This will install all the admin tools on the local PC but the user will only be able to run the once for which you have delegated permission.

If you want to make it even simpler for the user you can create a taskpad with just the required tasks
See http://www.petri.co.il/create_taskpads_for_ad_operations.htm
Jason WatkinsIT Project LeaderCommented:
You could also add the user to the "Account Operators" group in AD.
Adding a user to the Account Operators Group would give additional rights including management of group and computers and the ability to log on to the DC and shutdown the system.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now