Delegation read only to certain AD folders
Posted on 2011-09-26
Ok, I know of the delegation wizard, and installing the adminpak.msi for a user you want to delegate certain functions. This is my scenario, I want to give the adminpak to a user to have read only, but on only certain folders/OU's in AD. If the user connects using UAC they connect with no problem with read only. Why, when I have not set any permissions. And is there a best practice for this scenario where to allow certain folders/OU's read only access and others not even able to click on?
I can certainly add the user to each, read on some and deny on others, but this seems a bit much. Any suggestions?