Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Delegation of Control

Posted on 2009-07-02
3
Medium Priority
?
384 Views
Last Modified: 2012-05-07
Hello,
I have a user that i want to give him a delegation of control over an OU, but i only want him to be able to do the following:
- Create user accounts and manage user accounts for that OU.
- Create and join computer acounts to the domain.
- Create and manage Exchange mail boxes for the user accounts residing in that OU.
- Act like an administrator over the computers accounts that reside in that OU (Ex. managing and installing applications with administrative previliges over the computers residing in that OU)

When i went to the Delegation of control Winzard in the Domain controller (windows 2003), i added the user, then chose "Create a custom task to delegate" and then i didn't know what to chose from there, as the list is really huge and didn't find any guide that explains what eash choise is for.

can any one point me to a guide or help me in creating that delegation.

0
Comment
Question by:stalliondz
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24764648
I don't have exchange in my current lab so I can't take screen shots of that but
Look at my first screen shot for the accounts on the OU, you can select that setting
To add machines to the domain you can delegate that at the domain level (screenshot 2)
As far as the admin rights on the PCs in that OU. What I'd do there is create a group policy and add him to to the local admin group on all the PCs in that OU.
Florian has a really good blog about that, it is known as restricted groups
http://www.frickelsoft.net/blog/?p=13
Thanks
 
Mike

OU-level-Accounts.jpg
Domain-Level-Add-machine.jpg
0
 

Author Comment

by:stalliondz
ID: 24901991
thx Mkline71, that worked to let the user join computers to the domain, and it also gave him priviliges to add new users, but when it comes to creating a mail box for the users, the open where you choose the storage group/location of the mail box, it just shows it empty, thus the users can't create the e-mail box for the user he is creating. is there any solution for that. thx
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24905083
I won't blow smoke about exchange...not an expert there.  I did see this thread that looks promising
http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.admin/2007-01/msg02317.html
Thanks
Mike
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question