Delegating Activedirectory permissions

We have one user who occasionally sets up laptops for new users. When he installs any softwares it randomly asks for domain admin password. His logins does not allow that. He has to usually log in as local admin and install

is there any AD delegated permission i can give so he can install software, create user accounts and reset passwords?
Sundeep VAsked:
Who is Participating?
MAS (MVE)EE Solution GuideCommented:
Please follow guide below to set up Restricted Groups. (Administrators means local admin group) 
So he will have local admin rights on domain added PCs

check this for details
You'd also need to delegate permission in AD for the user to manage user accounts;

You'd be better delegating permission for this and for managing software installs to a group with this one user as a member so that you can add & remove others as needed in the future.
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
If this user is to have local administrator account privileges then the easiest thing to do is to add him/her to the local administrators group by creating a group policy and applying to the OU where the computers are.  This will be a computer local script and the script will be as follows:

net localgroup administrators domain.local\userx /add
AmitIT ArchitectCommented:
If he has local admin password, ask him to run set as administrator. He can press shift + right click button and run as admin. For create, modify user add him to account operator group.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.