Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

AD Deleqation control

Posted on 2008-09-29
4
Medium Priority
?
207 Views
Last Modified: 2010-03-17
Greetings:
I have given some users limit permissions using AD delegation control to manage their users at their departments ,when i tried to login to the DC using the username and password for the delegator i couldn't, so do i need to do anything more than give him permissions through delegation control and adding them to the remote disktop  users??
0
Comment
Question by:salman_sulaiman_2008
  • 2
4 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22595162
Hi salman_sulaiman_2008,

You can use this interesting article as reference:

http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

Hope it's what you're looking for.

Cheers.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 200 total points
ID: 22597163
Why have them login to the DC? That's not a good practive as the're not Domain Admins.
You should create GPO to install the ADCU utility on those Admins machines during reboot so that they have the ADCU utility installed and have them run that ADCU console from their own machine. Giving then access to Remote Desktop to DC is not a good practice and you need to grant them logon through terminal services etc as by default, non Administrator cannot RDP to domain controller.
0
 
LVL 18

Accepted Solution

by:
Americom earned 200 total points
ID: 22597289
Here's the Computer GPO you can create from Windows Settings-->Scripts-->Startup

Scrtip Name: \\DomainName\ShareName\adminpak.msi   (where ever you keep your software installs)

Script Parameters: ADDLOCAL=FeADTools /qn

You may even want to customize a ADCU MSC so that those admins can only see their delgation etc....and copy the customized MSC to their desktop upon logon...
0
 

Author Comment

by:salman_sulaiman_2008
ID: 22666547
Greetings Everyone!
Thanks for the replies! They really do help!
Best wishes,
~salman~
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question