Solved

Delegation of Control

Posted on 2009-07-02
3
375 Views
Last Modified: 2012-05-07
Hello,
I have a user that i want to give him a delegation of control over an OU, but i only want him to be able to do the following:
- Create user accounts and manage user accounts for that OU.
- Create and join computer acounts to the domain.
- Create and manage Exchange mail boxes for the user accounts residing in that OU.
- Act like an administrator over the computers accounts that reside in that OU (Ex. managing and installing applications with administrative previliges over the computers residing in that OU)

When i went to the Delegation of control Winzard in the Domain controller (windows 2003), i added the user, then chose "Create a custom task to delegate" and then i didn't know what to chose from there, as the list is really huge and didn't find any guide that explains what eash choise is for.

can any one point me to a guide or help me in creating that delegation.

0
Comment
Question by:stalliondz
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24764648
I don't have exchange in my current lab so I can't take screen shots of that but
Look at my first screen shot for the accounts on the OU, you can select that setting
To add machines to the domain you can delegate that at the domain level (screenshot 2)
As far as the admin rights on the PCs in that OU. What I'd do there is create a group policy and add him to to the local admin group on all the PCs in that OU.
Florian has a really good blog about that, it is known as restricted groups
http://www.frickelsoft.net/blog/?p=13
Thanks
 
Mike

OU-level-Accounts.jpg
Domain-Level-Add-machine.jpg
0
 

Author Comment

by:stalliondz
ID: 24901991
thx Mkline71, that worked to let the user join computers to the domain, and it also gave him priviliges to add new users, but when it comes to creating a mail box for the users, the open where you choose the storage group/location of the mail box, it just shows it empty, thus the users can't create the e-mail box for the user he is creating. is there any solution for that. thx
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 125 total points
ID: 24905083
I won't blow smoke about exchange...not an expert there.  I did see this thread that looks promising
http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.admin/2007-01/msg02317.html
Thanks
Mike
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question