Improve company productivity with a Business Account.Sign Up

x
?
Solved

Domain administrator with limited Active Directory access

Posted on 2014-01-15
4
Medium Priority
?
394 Views
Last Modified: 2014-01-17
Hello, I want to give a user some access to update entries in Active Directory so they can add and remove addresses in an address book for the company.  Is there a way I can setup an ID so a user can use active directory from a workstation and limit them to what they can access?  I want them to have access to only one OU.
0
Comment
Question by:tucktech
4 Comments
 
LVL 35

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 520 total points
ID: 39782384
There are a few ways to do this, depending on how much access you want to give.  The easiest may be to right-click the OU in question and Delegate Access to a user or group.

http://technet.microsoft.com/en-us/library/cc778807(v=ws.10).aspx

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Active-Directory-Delegation-Administration.html
0
 
LVL 10

Accepted Solution

by:
remmett70 earned 560 total points
ID: 39782386
The workstation the user would need to have RSAT (remote Server administrative Tools) installed.  You can then delegate control of an OU to the user

http://technet.microsoft.com/en-us/library/cc732524.aspx

Also probably want to create them a custom MMC that open in the OU they will manage.
0
 
LVL 2

Assisted Solution

by:mcj2006
mcj2006 earned 520 total points
ID: 39782404
right click on the OU in active directory users and computers. Delegate control.

On the workstation install RSAT http://www.microsoft.com/en-us/download/details.aspx?id=7887
0
 

Author Closing Comment

by:tucktech
ID: 39789899
Yes, this will work, excellent
0

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question