WellingtonIS
asked on
Domain Admin rights and views
We are migrating our domain to a bigger domain. currently we have child domain. The powers that be have taken away my administrator rights and it's a nightmare. Is there a way for me to be set up on my DC to ONLY SEE my OU so that I can only administer my own OU without seeing or accessing anyone elses? I thought AD was designed for this.
Yes, AD Delegation: http://technet.microsoft.com/en-us/library/cc960527.aspx
ASKER
OK let me pass this on. I'm not understanding it so much but we'll c
ASKER
What does the managed by mean for the OU will that give us rights?
Right Click the OU in question and select the Delegate Control Option. There is a wizard that they can go through and select everything that they want you to be able to do:
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
So are you asking to open up ADUC and just see your OU, that you won't get through delegation. Delegation just delegates rights.
You can create a taskpad view if you want to see less http://www.petri.co.il/create_taskpads_for_ad_operations.htm
By default authenticated users have read access to most of the directory and that is why you see everything.
Thanks
Mike
You can create a taskpad view if you want to see less http://www.petri.co.il/create_taskpads_for_ad_operations.htm
By default authenticated users have read access to most of the directory and that is why you see everything.
Thanks
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
sorry it took so long for me to close this. I'm busy migrating the domain.