Solved

Active Directory 2008 Permissions

Posted on 2011-03-01
9
938 Views
Last Modified: 2012-05-11
What is the easiest way to give an admin access to manage ou's and log into some servers centrally, without giving high level access?  
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 400 total points
ID: 35012963
To give permissions to OUs you can right click the OU and use the deleagtion wizard to assign the needed permissions. What permissions are you look to give?

For server access, you can either add them to the local Admin group on a member server or add them to the remote desktop users group. From the sound of your post I think the remote desktop users group is what you want. They can also use active directory users and computer from their desktop if you do not want them logging into a server.
0
 
LVL 15

Assisted Solution

by:wantabe2
wantabe2 earned 100 total points
ID: 35012973
Use the delegation wizaard. This will do the trick
0
 
LVL 3

Expert Comment

by:mnation1
ID: 35012979
You could try adding them to Group Policy Creator Owners and Schema Admins.  That will give them access to alter the schema and group policy objects in AD, but it shouldn't allow them administrator access on all machines.  Then explicitly add the account to the administrators group on the servers/workstations you'd like them to manage.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 27

Expert Comment

by:KenMcF
ID: 35012995
Why the Schema Admins group? this group should be empty and only add users when and if you need to make any schema modifications.
0
 

Author Comment

by:Jack_son_
ID: 35013050
we want to limit it to management of OU's and adding email accounts.  Also, access to limited servers.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 400 total points
ID: 35013105
You will need to determine what permissions you want to give and then use the delegation wizard.
Look into creating a task pad view so they get a view of a single OU or whatever you want.

For the servers you can do this through a GPO
http://www.frickelsoft.net/blog/?p=13

http://www.petri.co.il/create_taskpads_for_ad_operations.htm
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 400 total points
ID: 35013176
0
 

Author Comment

by:Jack_son_
ID: 35013880
great thanks, let me try it. Will it also let you prevent them from adding users from adding users to groups with elevated privileges?
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 400 total points
ID: 35013892
it depends on how you set the permissions on the group and users.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question