Solved

Delegation of Control

Posted on 2009-07-02
3
377 Views
Last Modified: 2012-05-07
Hello,
I have a user that i want to give him a delegation of control over an OU, but i only want him to be able to do the following:
- Create user accounts and manage user accounts for that OU.
- Create and join computer acounts to the domain.
- Create and manage Exchange mail boxes for the user accounts residing in that OU.
- Act like an administrator over the computers accounts that reside in that OU (Ex. managing and installing applications with administrative previliges over the computers residing in that OU)

When i went to the Delegation of control Winzard in the Domain controller (windows 2003), i added the user, then chose "Create a custom task to delegate" and then i didn't know what to chose from there, as the list is really huge and didn't find any guide that explains what eash choise is for.

can any one point me to a guide or help me in creating that delegation.

0
Comment
Question by:stalliondz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24764648
I don't have exchange in my current lab so I can't take screen shots of that but
Look at my first screen shot for the accounts on the OU, you can select that setting
To add machines to the domain you can delegate that at the domain level (screenshot 2)
As far as the admin rights on the PCs in that OU. What I'd do there is create a group policy and add him to to the local admin group on all the PCs in that OU.
Florian has a really good blog about that, it is known as restricted groups
http://www.frickelsoft.net/blog/?p=13
Thanks
 
Mike

OU-level-Accounts.jpg
Domain-Level-Add-machine.jpg
0
 

Author Comment

by:stalliondz
ID: 24901991
thx Mkline71, that worked to let the user join computers to the domain, and it also gave him priviliges to add new users, but when it comes to creating a mail box for the users, the open where you choose the storage group/location of the mail box, it just shows it empty, thus the users can't create the e-mail box for the user he is creating. is there any solution for that. thx
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 125 total points
ID: 24905083
I won't blow smoke about exchange...not an expert there.  I did see this thread that looks promising
http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.admin/2007-01/msg02317.html
Thanks
Mike
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question