Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

AD Deleqation control

Posted on 2008-09-29
4
Medium Priority
?
206 Views
Last Modified: 2010-03-17
Greetings:
I have given some users limit permissions using AD delegation control to manage their users at their departments ,when i tried to login to the DC using the username and password for the delegator i couldn't, so do i need to do anything more than give him permissions through delegation control and adding them to the remote disktop  users??
0
Comment
Question by:salman_sulaiman_2008
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22595162
Hi salman_sulaiman_2008,

You can use this interesting article as reference:

http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

Hope it's what you're looking for.

Cheers.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 200 total points
ID: 22597163
Why have them login to the DC? That's not a good practive as the're not Domain Admins.
You should create GPO to install the ADCU utility on those Admins machines during reboot so that they have the ADCU utility installed and have them run that ADCU console from their own machine. Giving then access to Remote Desktop to DC is not a good practice and you need to grant them logon through terminal services etc as by default, non Administrator cannot RDP to domain controller.
0
 
LVL 18

Accepted Solution

by:
Americom earned 200 total points
ID: 22597289
Here's the Computer GPO you can create from Windows Settings-->Scripts-->Startup

Scrtip Name: \\DomainName\ShareName\adminpak.msi   (where ever you keep your software installs)

Script Parameters: ADDLOCAL=FeADTools /qn

You may even want to customize a ADCU MSC so that those admins can only see their delgation etc....and copy the customized MSC to their desktop upon logon...
0
 

Author Comment

by:salman_sulaiman_2008
ID: 22666547
Greetings Everyone!
Thanks for the replies! They really do help!
Best wishes,
~salman~
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question