Delegating Activedirectory permissions

We have one user who occasionally sets up laptops for new users. When he installs any softwares it randomly asks for domain admin password. His logins does not allow that. He has to usually log in as local admin and install

is there any AD delegated permission i can give so he can install software, create user accounts and reset passwords?
Sundeep VAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MASEE Solution Guide - Technical Dept HeadCommented:
Please follow guide below to set up Restricted Groups. (Administrators means local admin group)
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html 
So he will have local admin rights on domain added PCs

check this for details
https://social.technet.microsoft.com/Forums/windowsserver/en-US/c756996c-f562-4b18-9c61-33349961c622/giving-domain-users-local-admin-rights?forum=winserversecurity
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CamyCommented:
You'd also need to delegate permission in AD for the user to manage user accounts;

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Implementing-Active-Directory-Delegation-Administration.html

You'd be better delegating permission for this and for managing software installs to a group with this one user as a member so that you can add & remove others as needed in the future.
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
If this user is to have local administrator account privileges then the easiest thing to do is to add him/her to the local administrators group by creating a group policy and applying to the OU where the computers are.  This will be a computer local script and the script will be as follows:

net localgroup administrators domain.local\userx /add
0
AmitIT ArchitectCommented:
If he has local admin password, ask him to run set as administrator. He can press shift + right click button and run as admin. For create, modify user add him to account operator group.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.