• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 637
  • Last Modified:

Allow a domain user to manage AD Users from their workstation?

The company has a 2008 SBS server. I am wondering if there is a way to allow 1 designated user to manage the domain user accounts from their workstation wihthout having to gain access to the server? I want them to be able to unlock acocunts, change passwords and modify distribution group members.

They are already doing RDP to the server from the workstation. I would like it if there were a shortcut on their workstation right to the AD users container.

Is this possible?
0
craignh
Asked:
craignh
  • 2
1 Solution
 
craignhAuthor Commented:
If it is possible what kind of permissions would the user need so they dont need to log in under admin account?
0
 
Sikhumbuzo NtsadaSenior IT TechnicianCommented:
It is posible, just add the user as part of the "HelpServicesGroup" and istall admin tools on his/her PC. He will only be able to do minimal things.
0
 
craignhAuthor Commented:
Thanks but I dont see a help services group on the WIndows 2008 SBS server?
0
 
Ron MalmsteadInformation Services ManagerCommented:
Using ..ADUC

Add a Delegation Permission - http://www.youtube.com/watch?v=0YHgssU7-GI&feature=related
Then..
Create a Task pad if you want to limit the interface the user can see. -http://www.petri.co.il/create_taskpads_for_ad_operations.htm

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now