• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 957
  • Last Modified:

Active Directory 2008 Permissions

What is the easiest way to give an admin access to manage ou's and log into some servers centrally, without giving high level access?  
0
Jack_son_
Asked:
Jack_son_
5 Solutions
 
KenMcFCommented:
To give permissions to OUs you can right click the OU and use the deleagtion wizard to assign the needed permissions. What permissions are you look to give?

For server access, you can either add them to the local Admin group on a member server or add them to the remote desktop users group. From the sound of your post I think the remote desktop users group is what you want. They can also use active directory users and computer from their desktop if you do not want them logging into a server.
0
 
wantabe2Commented:
Use the delegation wizaard. This will do the trick
0
 
mnation1Commented:
You could try adding them to Group Policy Creator Owners and Schema Admins.  That will give them access to alter the schema and group policy objects in AD, but it shouldn't allow them administrator access on all machines.  Then explicitly add the account to the administrators group on the servers/workstations you'd like them to manage.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
KenMcFCommented:
Why the Schema Admins group? this group should be empty and only add users when and if you need to make any schema modifications.
0
 
Jack_son_Author Commented:
we want to limit it to management of OU's and adding email accounts.  Also, access to limited servers.
0
 
KenMcFCommented:
You will need to determine what permissions you want to give and then use the delegation wizard.
Look into creating a task pad view so they get a view of a single OU or whatever you want.

For the servers you can do this through a GPO
http://www.frickelsoft.net/blog/?p=13

http://www.petri.co.il/create_taskpads_for_ad_operations.htm
0
 
KenMcFCommented:
0
 
Jack_son_Author Commented:
great thanks, let me try it. Will it also let you prevent them from adding users from adding users to groups with elevated privileges?
0
 
KenMcFCommented:
it depends on how you set the permissions on the group and users.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now