Solved

AD Deleqation control

Posted on 2008-09-29
4
201 Views
Last Modified: 2010-03-17
Greetings:
I have given some users limit permissions using AD delegation control to manage their users at their departments ,when i tried to login to the DC using the username and password for the delegator i couldn't, so do i need to do anything more than give him permissions through delegation control and adding them to the remote disktop  users??
0
Comment
Question by:salman_sulaiman_2008
  • 2
4 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22595162
Hi salman_sulaiman_2008,

You can use this interesting article as reference:

http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

Hope it's what you're looking for.

Cheers.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 50 total points
ID: 22597163
Why have them login to the DC? That's not a good practive as the're not Domain Admins.
You should create GPO to install the ADCU utility on those Admins machines during reboot so that they have the ADCU utility installed and have them run that ADCU console from their own machine. Giving then access to Remote Desktop to DC is not a good practice and you need to grant them logon through terminal services etc as by default, non Administrator cannot RDP to domain controller.
0
 
LVL 18

Accepted Solution

by:
Americom earned 50 total points
ID: 22597289
Here's the Computer GPO you can create from Windows Settings-->Scripts-->Startup

Scrtip Name: \\DomainName\ShareName\adminpak.msi   (where ever you keep your software installs)

Script Parameters: ADDLOCAL=FeADTools /qn

You may even want to customize a ADCU MSC so that those admins can only see their delgation etc....and copy the customized MSC to their desktop upon logon...
0
 

Author Comment

by:salman_sulaiman_2008
ID: 22666547
Greetings Everyone!
Thanks for the replies! They really do help!
Best wishes,
~salman~
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question