<div>
Hi,<br />
<br />
I've got multiple site offices so the users OU is spread across multiple different OU, hence I must add the delegation from the root domain for this one particular AD account.<br />
<br />
I want to know how is that possible in AD so that this DOMAIN\IT-Support account only can crease read update delete Accounts and Groups in all AD but not escalating itself as DOMAIN Admins.
</div>


Hi,

I've got multiple site offices so the users OU is spread across multiple different OU, hence I must add the delegation from the root domain for this one particular AD account.

I want to know how is that possible in AD so that this DOMAIN\IT-Support account only can crease read update delete Accounts and Groups in all AD but not escalating itself as DOMAIN Admins.

<div>
<div class="content wysiwyg-content">
People,<br />
<br />
In my AD domain with Windows Server <br />
<br />
How can I grant my newly created DOMAIN\IT-Support team permission to:<br />
<br />
1. Create &amp;&nbsp;Reset AD account other than <b>DOMAIN\Administrator</b><br />
2. Create &amp;&nbsp;Delete AD group and edit the existing AD security &amp;&nbsp;distribution group members<br />
<br />
Because when I follow the steps in: <a href="https://community.spiceworks.com/how_to/1464-how-to-delegate-password-reset-permissions-for-your-it-staff" rel="ugc">https://community.spiceworks.com/how_to/1464-how-to-delegate-password-reset-permissions-for-your-it-staff</a>, on steps #2 and #3<br />
<br />
the DOMAIN\IT-Support account cannot do any operations with AD security group ?
</div>
</div>


People,

In my AD domain with Windows Server 

How can I grant my newly created DOMAIN\IT-Support team permission to:

1. Create & Reset AD account other than DOMAIN\Administrator
2. Create & Delete AD group and edit the existing AD security & distribution group members

Because when I follow the steps in: https://community.spiceworks.com/how_to/1464-how-to-delegate-password-reset-permissions-for-your-it-staff, on steps #2 and #3

the DOMAIN\IT-Support account cannot do any operations with AD security group ?

Delegate IT support account to manage AD accounts and Groups in AD ?

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

IT Administration is the processes and best practices for programming and development, and incorporates methodologies for managing activities and projects. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, extreme programming and various types of agile methodology. The life-cycle "model" is a more general term for a category of methodologies, and a software development "process" a more specific term to refer to a specific process chosen by a specific organization.

IT Administration

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.