[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Active Directory OU Special Permissions

Posted on 2008-11-07
6
Medium Priority
?
1,507 Views
Last Modified: 2013-12-05
Hi

We are using Windows 2003 DC's.

One of our OU's have several containers within it. One of those containers, Container1,  has Special Permissions assigned to Group1.
I need to apply these same permissions to another container, Container2, within the same OU.

Could someone tell me the best way to do this?

Thanks!
0
Comment
Question by:kam_uk
  • 3
  • 2
6 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 22903346
Hello kam_uk,

What permissions? do you mean delegated permissions?


There are times when you want to give a particular user/group, rights to do mundane tasks
like unlock accounts reset passwords etc but you DONT (for obvious reasons) want to put
them in the domain admins group. The simplest solution is to put the users into the "account
operators" group, the drawback of this is they then have those rights across the ENTIRE DOMAIN.

A more practical solution is to use the built in delegation of control wizard, for example
if your finance department want a user or group of users to be able to manage THEIR user
accounts only then simply create a finance OU (organisational Unit) in active directory
(in AD users and computers > right click [yourdomain] > new > Organisational unit)

Move the user objects into this OU (select the user(s) right click >move)

Decide weather its an individual user you want to grant rights to or a group of users. If
its a group create a group (in the OU you created) and put in the users who need the rights.

Now simply right click the new OU and select "Delegate control" follow the on screen wizard
and give the appropriate rights to the group or user.

Delegation of Control
http://www.windowsitpro.com/SmallBusinessCenter/Article/ArticleID/22555/SmallBusinessCenter_22555.html

Step-by-Step Guide to Using the Delegation of Control Wizard
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx

Regards,

PeteLong
0
 
LVL 3

Author Comment

by:kam_uk
ID: 22903385
Hi Pete

Sorry, I mean Security Permissions on the container!
0
 
LVL 3

Author Comment

by:kam_uk
ID: 22904839
Any idea?

Do I need to copy all the relevant Security permissions manually and apply them on the other container?
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 57

Expert Comment

by:Pete Long
ID: 22911573
why do you need custom permissions on the OU what are you trying to achieve?
0
 
LVL 3

Author Comment

by:kam_uk
ID: 22987384
Just copy them across...one group has special permission applied to an OU, i need to have the same special permissions applied to another group
0
 
LVL 2

Accepted Solution

by:
bruce_77 earned 2000 total points
ID: 23005199
Probably easiest to do it manually, have two screen up - one each for the properties of each OU!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question