Solved

Delegate OU In Adtive Directory in windows 2003 server.

Posted on 2007-11-23
8
496 Views
Last Modified: 2009-06-23
Hello everybody,
I've just delegated an ou for an user in Adtive Directory in Windows 2003 server by right click the ou and then select the delegate control. It is ok. Now I want to cancel this task, I want to undelegate that OU for the user. How can I do? Please guide me step by step. Thanks.
0
Comment
Question by:diamondhead
8 Comments
 
LVL 11

Expert Comment

by:bsharath
Comment Utility
Download Active administrator from Scriptlogic website.I think this is the only way to see the delegations and remove them...
0
 
LVL 70

Accepted Solution

by:
KCTS earned 25 total points
Comment Utility
There is noi simple wizard to undo a delegation, You need to go to "Active Directory Users and Computers" and make sure that  "View", "Advanced features" is selected

Right click on the OU that you delegated and click the security tab, you should see the account that you delegated to. Remove the account from the ACL to cancel the delegtion (or you can modify the permissions).
0
 
LVL 3

Expert Comment

by:l84work
Comment Utility
KCTS is 100% correct!  

Sounds like you are not familiar with this process.  Be careful not to remove some of the default permissions, you don't want to lock out other users or even yourself.  And be careful with DENY permission, it overwrites everything else.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 25 total points
Comment Utility
bsharath is entirely incorrect - third-party software is in no way a requirement to view and remove security delegations within AD. KCTS's instructions will point you in the correct direction.  If you have multiple delegations to undo (it sounds like you only have one but just in case) you can also use the dsrevoke command-line tool available here: http://www.microsoft.com/downloads/details.aspx?familyid=77744807-c403-4bda-b0e4-c2093b8d6383
0
 
LVL 11

Expert Comment

by:bsharath
Comment Utility
LauraEHunterMVP
I am sorry if i am wrong as i once was told that it was the only way by experts in EE. And when i wanted to find delegations i found the third party software very easy to find.
I tried dsrevoke but did not get the results...
The software is easy to click on each OU to find the delegated users....
0
 
LVL 3

Expert Comment

by:l84work
Comment Utility
Laura is correct, 3rd software is not a REQUIREMENT.

As for 3rd party software, I've used ScriptLogic before.  It does have a user friendly interface.  But personally, I think Hyenas 7.1 (http://www.systemtools.com/hyena/hyena_new.htm) is better.
0
 

Author Comment

by:diamondhead
Comment Utility
Hello Everybody,
Thanks for your instruction. Now it's ok.  I have just done via the KCTS guides.  And I don't try with The third party software. Thanks again and Have a nice day.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now