Solved

Domain administrator with limited Active Directory access

Posted on 2014-01-15
4
387 Views
Last Modified: 2014-01-17
Hello, I want to give a user some access to update entries in Active Directory so they can add and remove addresses in an address book for the company.  Is there a way I can setup an ID so a user can use active directory from a workstation and limit them to what they can access?  I want them to have access to only one OU.
0
Comment
Question by:tucktech
4 Comments
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 130 total points
ID: 39782384
There are a few ways to do this, depending on how much access you want to give.  The easiest may be to right-click the OU in question and Delegate Access to a user or group.

http://technet.microsoft.com/en-us/library/cc778807(v=ws.10).aspx

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Active-Directory-Delegation-Administration.html
0
 
LVL 10

Accepted Solution

by:
remmett70 earned 140 total points
ID: 39782386
The workstation the user would need to have RSAT (remote Server administrative Tools) installed.  You can then delegate control of an OU to the user

http://technet.microsoft.com/en-us/library/cc732524.aspx

Also probably want to create them a custom MMC that open in the OU they will manage.
0
 
LVL 2

Assisted Solution

by:mcj2006
mcj2006 earned 130 total points
ID: 39782404
right click on the OU in active directory users and computers. Delegate control.

On the workstation install RSAT http://www.microsoft.com/en-us/download/details.aspx?id=7887
0
 

Author Closing Comment

by:tucktech
ID: 39789899
Yes, this will work, excellent
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article runs through the process of deploying a single EXE application selectively to a group of user.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question