Solved

Delegation through AD

Posted on 2013-10-28
3
224 Views
Last Modified: 2013-11-14
Good morning I have been successful with deploying delegation through AD on an OU. In fact I have been successful with applying delegation options to an OU through a security group.

Here is the problem I am having. I need to delegate for an additional 30 other OU's. How can I go through the process of selecting what I would like to delegate as far as permissions and then be able to apply this to other people on different sub ou levels. We are using server 2008 R2 sp1.
0
Comment
Question by:techdrive
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39605399
No easy way to forklift ACLs from one OU to another, would be a nice feature.  In theory you could script it out to check an OU and then apply the same permissions to another OU...I personally don't have that script written.

Delegation can flow to child OUs but it sounds like you want to copy the ACLs do other OUs too.

Thanks


Mike
0
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 39605575
Use this software one of the best tools for delegation

http://www.quest.com/activeroles-server/
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39605587
Your based bet would be to do this manually as you can take your time and ensure that you are delegating the permissions properly with no error.

You can in fact do this from powershell, but I would highly recommend that you test the script several times on different Test OU structures or even a totally isolated AD environment in a lab.

Below is a link to a great example to accomplish this in Powershell with entire break down. If you are not comfortable with powershell i would recommend doing this manually through the GUI.

http://blogs.technet.com/b/joec/archive/2013/04/25/active-directory-delegation-via-powershell.aspx

Will.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question