Active Directory Delegation

I went to ADUC and the delegation of control wizard to delgate the authority to perform ceertain tasks.  The problem i have how do I tell whom I've delegated control and how to remove it?  I don't se the user I just delegated control to liste din the wizard the next time i launch it?
georgedschneiderAsked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

You can't, there's no such difference. As I said above, all the delegation wizard does is dress up the security modification in a friendly form to allow these to be set without having to dig into the underlying rights.

That said, you're likely to find that the permissions are moderately obvious because they'll be explicit at that level rather than implicit because of inheritance.

Which of the permissions are "Not inherited"?

Chris
0
 
Chris DentPowerShell DeveloperCommented:

Hey,

You'd have to look at the security tab I'm afraid.

All the delegation wizard does is provide you with a friendly face for setting the security on a container / OU / object.

Chris
0
 
georgedschneiderAuthor Commented:
How do I remove the rights I just added through the security tab?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Brian PiercePhotographerCommented:
You need to edit the security settings on the security tab in the same was as you would permissions on a file or folder.

BTW its best practice only to delegate to groups - even if that group contains only one person initially. That way if you want to revoke permissions you just remove the user from the group - or you can add users to the group to grant them the permissions.
0
 
Chris DentPowerShell DeveloperCommented:

If they're not clear under the main security box you'll have to head into Advanced and pick them out of the list again. Depending on what you set it might not really be very hard, for instance, if you applied something to only user accounts watch out for the object type under the "Applies to" column.

Chris
0
 
georgedschneiderAuthor Commented:
can I use a tool such dsacls to do this?
0
 
Chris DentPowerShell DeveloperCommented:

Sure, it's just less clear than the GUI :) But if you're happy with it you should be fine modifying the ACLs.

Chris
0
 
georgedschneiderAuthor Commented:
The problem I'm having is lookng at the security tab I'm having a hard time telling what rights are the delegated authorities I've granted.  How can I determine what are the delegated authorities verses noraml security rights granted to the object.
0
 
georgedschneiderAuthor Commented:
Would the best way to ctrate a temp account check its rights and then deletgate authority and see what has chnaged?
0
 
Chris DentPowerShell DeveloperCommented:

I normally delegate permissions to a group, but in effect that's the same thing and your approach would certainly work well to see the impact of the change.

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.