Solved

Delegation through AD

Posted on 2013-10-28
3
221 Views
Last Modified: 2013-11-14
Good morning I have been successful with deploying delegation through AD on an OU. In fact I have been successful with applying delegation options to an OU through a security group.

Here is the problem I am having. I need to delegate for an additional 30 other OU's. How can I go through the process of selecting what I would like to delegate as far as permissions and then be able to apply this to other people on different sub ou levels. We are using server 2008 R2 sp1.
0
Comment
Question by:techdrive
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
No easy way to forklift ACLs from one OU to another, would be a nice feature.  In theory you could script it out to check an OU and then apply the same permissions to another OU...I personally don't have that script written.

Delegation can flow to child OUs but it sounds like you want to copy the ACLs do other OUs too.

Thanks


Mike
0
 
LVL 10

Expert Comment

by:jmanishbabu
Comment Utility
Use this software one of the best tools for delegation

http://www.quest.com/activeroles-server/
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
Your based bet would be to do this manually as you can take your time and ensure that you are delegating the permissions properly with no error.

You can in fact do this from powershell, but I would highly recommend that you test the script several times on different Test OU structures or even a totally isolated AD environment in a lab.

Below is a link to a great example to accomplish this in Powershell with entire break down. If you are not comfortable with powershell i would recommend doing this manually through the GUI.

http://blogs.technet.com/b/joec/archive/2013/04/25/active-directory-delegation-via-powershell.aspx

Will.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now