• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 394
  • Last Modified:

Domain administrator with limited Active Directory access

Hello, I want to give a user some access to update entries in Active Directory so they can add and remove addresses in an address book for the company.  Is there a way I can setup an ID so a user can use active directory from a workstation and limit them to what they can access?  I want them to have access to only one OU.
0
tucktech
Asked:
tucktech
3 Solutions
 
Paul MacDonaldDirector, Information SystemsCommented:
There are a few ways to do this, depending on how much access you want to give.  The easiest may be to right-click the OU in question and Delegate Access to a user or group.

http://technet.microsoft.com/en-us/library/cc778807(v=ws.10).aspx

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Active-Directory-Delegation-Administration.html
0
 
remmett70Commented:
The workstation the user would need to have RSAT (remote Server administrative Tools) installed.  You can then delegate control of an OU to the user

http://technet.microsoft.com/en-us/library/cc732524.aspx

Also probably want to create them a custom MMC that open in the OU they will manage.
0
 
mcj2006Commented:
right click on the OU in active directory users and computers. Delegate control.

On the workstation install RSAT http://www.microsoft.com/en-us/download/details.aspx?id=7887
0
 
tucktechAuthor Commented:
Yes, this will work, excellent
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now