• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 389
  • Last Modified:

Delegation of Control

Hello,
I have a user that i want to give him a delegation of control over an OU, but i only want him to be able to do the following:
- Create user accounts and manage user accounts for that OU.
- Create and join computer acounts to the domain.
- Create and manage Exchange mail boxes for the user accounts residing in that OU.
- Act like an administrator over the computers accounts that reside in that OU (Ex. managing and installing applications with administrative previliges over the computers residing in that OU)

When i went to the Delegation of control Winzard in the Domain controller (windows 2003), i added the user, then chose "Create a custom task to delegate" and then i didn't know what to chose from there, as the list is really huge and didn't find any guide that explains what eash choise is for.

can any one point me to a guide or help me in creating that delegation.

0
stalliondz
Asked:
stalliondz
  • 2
1 Solution
 
Mike KlineCommented:
I don't have exchange in my current lab so I can't take screen shots of that but
Look at my first screen shot for the accounts on the OU, you can select that setting
To add machines to the domain you can delegate that at the domain level (screenshot 2)
As far as the admin rights on the PCs in that OU. What I'd do there is create a group policy and add him to to the local admin group on all the PCs in that OU.
Florian has a really good blog about that, it is known as restricted groups
http://www.frickelsoft.net/blog/?p=13
Thanks
 
Mike

OU-level-Accounts.jpg
Domain-Level-Add-machine.jpg
0
 
stalliondzAuthor Commented:
thx Mkline71, that worked to let the user join computers to the domain, and it also gave him priviliges to add new users, but when it comes to creating a mail box for the users, the open where you choose the storage group/location of the mail box, it just shows it empty, thus the users can't create the e-mail box for the user he is creating. is there any solution for that. thx
0
 
Mike KlineCommented:
I won't blow smoke about exchange...not an expert there.  I did see this thread that looks promising
http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.admin/2007-01/msg02317.html
Thanks
Mike
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now