Solved

Delegation of Control

Posted on 2009-07-02
3
373 Views
Last Modified: 2012-05-07
Hello,
I have a user that i want to give him a delegation of control over an OU, but i only want him to be able to do the following:
- Create user accounts and manage user accounts for that OU.
- Create and join computer acounts to the domain.
- Create and manage Exchange mail boxes for the user accounts residing in that OU.
- Act like an administrator over the computers accounts that reside in that OU (Ex. managing and installing applications with administrative previliges over the computers residing in that OU)

When i went to the Delegation of control Winzard in the Domain controller (windows 2003), i added the user, then chose "Create a custom task to delegate" and then i didn't know what to chose from there, as the list is really huge and didn't find any guide that explains what eash choise is for.

can any one point me to a guide or help me in creating that delegation.

0
Comment
Question by:stalliondz
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24764648
I don't have exchange in my current lab so I can't take screen shots of that but
Look at my first screen shot for the accounts on the OU, you can select that setting
To add machines to the domain you can delegate that at the domain level (screenshot 2)
As far as the admin rights on the PCs in that OU. What I'd do there is create a group policy and add him to to the local admin group on all the PCs in that OU.
Florian has a really good blog about that, it is known as restricted groups
http://www.frickelsoft.net/blog/?p=13
Thanks
 
Mike

OU-level-Accounts.jpg
Domain-Level-Add-machine.jpg
0
 

Author Comment

by:stalliondz
ID: 24901991
thx Mkline71, that worked to let the user join computers to the domain, and it also gave him priviliges to add new users, but when it comes to creating a mail box for the users, the open where you choose the storage group/location of the mail box, it just shows it empty, thus the users can't create the e-mail box for the user he is creating. is there any solution for that. thx
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 125 total points
ID: 24905083
I won't blow smoke about exchange...not an expert there.  I did see this thread that looks promising
http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.admin/2007-01/msg02317.html
Thanks
Mike
0

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now