Solved

Domain administrator with limited Active Directory access

Posted on 2014-01-15
4
384 Views
Last Modified: 2014-01-17
Hello, I want to give a user some access to update entries in Active Directory so they can add and remove addresses in an address book for the company.  Is there a way I can setup an ID so a user can use active directory from a workstation and limit them to what they can access?  I want them to have access to only one OU.
0
Comment
Question by:tucktech
4 Comments
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 130 total points
ID: 39782384
There are a few ways to do this, depending on how much access you want to give.  The easiest may be to right-click the OU in question and Delegate Access to a user or group.

http://technet.microsoft.com/en-us/library/cc778807(v=ws.10).aspx

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Active-Directory-Delegation-Administration.html
0
 
LVL 10

Accepted Solution

by:
remmett70 earned 140 total points
ID: 39782386
The workstation the user would need to have RSAT (remote Server administrative Tools) installed.  You can then delegate control of an OU to the user

http://technet.microsoft.com/en-us/library/cc732524.aspx

Also probably want to create them a custom MMC that open in the OU they will manage.
0
 
LVL 2

Assisted Solution

by:mcj2006
mcj2006 earned 130 total points
ID: 39782404
right click on the OU in active directory users and computers. Delegate control.

On the workstation install RSAT http://www.microsoft.com/en-us/download/details.aspx?id=7887
0
 

Author Closing Comment

by:tucktech
ID: 39789899
Yes, this will work, excellent
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now