Solved

Delegate OU In Adtive Directory in windows 2003 server.

Posted on 2007-11-23
8
530 Views
Last Modified: 2009-06-23
Hello everybody,
I've just delegated an ou for an user in Adtive Directory in Windows 2003 server by right click the ou and then select the delegate control. It is ok. Now I want to cancel this task, I want to undelegate that OU for the user. How can I do? Please guide me step by step. Thanks.
0
Comment
Question by:diamondhead
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 11

Expert Comment

by:bsharath
ID: 20341839
Download Active administrator from Scriptlogic website.I think this is the only way to see the delegations and remove them...
0
 
LVL 70

Accepted Solution

by:
KCTS earned 25 total points
ID: 20342146
There is noi simple wizard to undo a delegation, You need to go to "Active Directory Users and Computers" and make sure that  "View", "Advanced features" is selected

Right click on the OU that you delegated and click the security tab, you should see the account that you delegated to. Remove the account from the ACL to cancel the delegtion (or you can modify the permissions).
0
 
LVL 3

Expert Comment

by:l84work
ID: 20345076
KCTS is 100% correct!  

Sounds like you are not familiar with this process.  Be careful not to remove some of the default permissions, you don't want to lock out other users or even yourself.  And be careful with DENY permission, it overwrites everything else.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 25 total points
ID: 20347828
bsharath is entirely incorrect - third-party software is in no way a requirement to view and remove security delegations within AD. KCTS's instructions will point you in the correct direction.  If you have multiple delegations to undo (it sounds like you only have one but just in case) you can also use the dsrevoke command-line tool available here: http://www.microsoft.com/downloads/details.aspx?familyid=77744807-c403-4bda-b0e4-c2093b8d6383
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20347978
LauraEHunterMVP
I am sorry if i am wrong as i once was told that it was the only way by experts in EE. And when i wanted to find delegations i found the third party software very easy to find.
I tried dsrevoke but did not get the results...
The software is easy to click on each OU to find the delegated users....
0
 
LVL 3

Expert Comment

by:l84work
ID: 20348020
Laura is correct, 3rd software is not a REQUIREMENT.

As for 3rd party software, I've used ScriptLogic before.  It does have a user friendly interface.  But personally, I think Hyenas 7.1 (http://www.systemtools.com/hyena/hyena_new.htm) is better.
0
 

Author Comment

by:diamondhead
ID: 20348201
Hello Everybody,
Thanks for your instruction. Now it's ok.  I have just done via the KCTS guides.  And I don't try with The third party software. Thanks again and Have a nice day.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question