Solved

Delegation through AD

Posted on 2013-10-28
3
226 Views
Last Modified: 2013-11-14
Good morning I have been successful with deploying delegation through AD on an OU. In fact I have been successful with applying delegation options to an OU through a security group.

Here is the problem I am having. I need to delegate for an additional 30 other OU's. How can I go through the process of selecting what I would like to delegate as far as permissions and then be able to apply this to other people on different sub ou levels. We are using server 2008 R2 sp1.
0
Comment
Question by:techdrive
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39605399
No easy way to forklift ACLs from one OU to another, would be a nice feature.  In theory you could script it out to check an OU and then apply the same permissions to another OU...I personally don't have that script written.

Delegation can flow to child OUs but it sounds like you want to copy the ACLs do other OUs too.

Thanks


Mike
0
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 39605575
Use this software one of the best tools for delegation

http://www.quest.com/activeroles-server/
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39605587
Your based bet would be to do this manually as you can take your time and ensure that you are delegating the permissions properly with no error.

You can in fact do this from powershell, but I would highly recommend that you test the script several times on different Test OU structures or even a totally isolated AD environment in a lab.

Below is a link to a great example to accomplish this in Powershell with entire break down. If you are not comfortable with powershell i would recommend doing this manually through the GUI.

http://blogs.technet.com/b/joec/archive/2013/04/25/active-directory-delegation-via-powershell.aspx

Will.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question