Permissions required to add a user to a group (dsacls)

Simon336697
Simon336697 used Ask the Experts™
on
Hi guys,

I would like to let a user be able to add users to a group. I am not sure what permissions are needed to be set in order to do this.
If Bob is that user who is allowed to add users to the group TEST, then how would you do this using a tool like dsacls?
Any help greatly appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Krzysztof PytkoSenior Active Directory Engineer
Top Expert 2012
Commented:
You are interested in using DSACLS command in fact, or just any way to achieve that ?
To use DSACLS I will check that in test env but for other ways, you can see that on my blog at
http://kpytko.wordpress.com/2012/05/16/active-directory-rights-delegation-overview/
http://kpytko.wordpress.com/2012/05/17/active-directory-rights-delegation-part-1/

and on Mike's blog at
http://adisfun.blogspot.com/2009/08/extend-ad-delegation-control-wizard.html

Regards,
Krzysztof
Senior Active Directory Engineer
Top Expert 2012
Commented:
OK, you may try with

dsacls "cn=GroupNameOnWhichYouWantToGrantAccess,ou=GroupLocation,dc=domain,dc=local" /G GroupAllowedForthatOrUser@domain.local:WP;member;

Open in new window


Krzysztof
yo_beeDirector of Information Technology
Commented:
You can also delegation wizard in ADUC.

http://www.howtogeek.com/50166/using-the-delegation-of-control-wizard-to-assign-permissions-in-server-2008/

There is an option midway down under Task to Delegate > Modify the Membership of Groups.  This should accomplish the desired results.

Author

Commented:
Thanks guys

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial