Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Active Directory Delegation

Posted on 2008-10-01
10
Medium Priority
?
315 Views
Last Modified: 2010-03-17
I went to ADUC and the delegation of control wizard to delgate the authority to perform ceertain tasks.  The problem i have how do I tell whom I've delegated control and how to remove it?  I don't se the user I just delegated control to liste din the wizard the next time i launch it?
0
Comment
Question by:georgedschneider
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22615993

Hey,

You'd have to look at the security tab I'm afraid.

All the delegation wizard does is provide you with a friendly face for setting the security on a container / OU / object.

Chris
0
 

Author Comment

by:georgedschneider
ID: 22616025
How do I remove the rights I just added through the security tab?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 22616092
You need to edit the security settings on the security tab in the same was as you would permissions on a file or folder.

BTW its best practice only to delegate to groups - even if that group contains only one person initially. That way if you want to revoke permissions you just remove the user from the group - or you can add users to the group to grant them the permissions.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 22616102

If they're not clear under the main security box you'll have to head into Advanced and pick them out of the list again. Depending on what you set it might not really be very hard, for instance, if you applied something to only user accounts watch out for the object type under the "Applies to" column.

Chris
0
 

Author Comment

by:georgedschneider
ID: 22617989
can I use a tool such dsacls to do this?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22618009

Sure, it's just less clear than the GUI :) But if you're happy with it you should be fine modifying the ACLs.

Chris
0
 

Author Comment

by:georgedschneider
ID: 22618237
The problem I'm having is lookng at the security tab I'm having a hard time telling what rights are the delegated authorities I've granted.  How can I determine what are the delegated authorities verses noraml security rights granted to the object.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 22618427

You can't, there's no such difference. As I said above, all the delegation wizard does is dress up the security modification in a friendly form to allow these to be set without having to dig into the underlying rights.

That said, you're likely to find that the permissions are moderately obvious because they'll be explicit at that level rather than implicit because of inheritance.

Which of the permissions are "Not inherited"?

Chris
0
 

Author Comment

by:georgedschneider
ID: 22665597
Would the best way to ctrate a temp account check its rights and then deletgate authority and see what has chnaged?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22667185

I normally delegate permissions to a group, but in effect that's the same thing and your approach would certainly work well to see the impact of the change.

Chris
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question