cntboys
AD delegation
I have been asked to look into delegating access to certain sections of AD in order to allow privileged users to update information on a per-user basis (General, Address, Telephone and Organisation tabs).
I have started off by giving my test user a custom task "this folder, existing objects, and creation of new objects in the folder". I intend to change this longer term, but just wanted to try it out for testing.
So the user has access to each user's properties page and I can amend details as I would expect, but on other users with the same OU all the tabs are greyed out. The users all appear to be identical and I believe they were all created at the same time (recent migration). Can anyone tell me why the properties page for some users is all greyed out and how I can resolve this, please?
Windows 2003 64bit SP (AD server) opening the console on a Citrix PS4.5 client session. If you need further info let me know.
Are you sure the delegation permission is inherited to all the sub-OUs and objects?
ASKER CERTIFIED SOLUTION
ASKER
Thanks for the replies, I was out of the office Friday so didn't get a chance to look at this.
It is possible (although unlikely) that these users were ever admins. If this was the case though, would I be able to re-apply the permissions so the delegates can manage the accounts?
Did you read the link that I referenced above? It describes several workarounds to allow delegated permissions to apply to protected accounts.