[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 33
  • Last Modified:

Delegating permissions in Active Directory 2012

Hi all,

Im trying to delegate rights for a user to be able to process simple tasks in Active Directory 2012 including reset passwords, unlock accounts, change passwords. I have gone through delegate access wizard but im not sure the best way to edit this after i have delegated rights.

What is the best way to do this?
0
MJB2011
Asked:
MJB2011
  • 4
  • 2
2 Solutions
 
Joseph MoodyBlogger and wearer of all hats.Commented:
I prefer to create groups named something like: Delegated - Account Management or Delegated - Helpdesk Role. With these groups, I assign several permissions to them and document the permissions in the group comments. When I need to edit additional permissions, I can open the security tab on the OU and head to advance - then I can specifically add/remove permissions for different classes of objects.
0
 
MJB2011Author Commented:
Yes thats what I have done, i specifically want to know how to edit the group access to allow password resets, and account unlocking.
0
 
MAS EE MVETechnical Department HeadCommented:
Agree with Joseph Moody
Create a group and apply the permission on the group.
In future if admin leaves you can assign the same permission by adding the new admin to the group and remove by just removing from the group.

Here is an explanation.
https://www.experts-exchange.com/questions/28960130/setup-delegation-in-Windows-2012-R2-active-directory.html

Thanks
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
MJB2011Author Commented:
Im not sure if you understand. I know how to create a group and add member to it. I can do this. However, Im trying to work which access i have to delegate to just be able to delegate rights to change passwords and unlock accounts. For example, If i use the delegation wizard I can delegate right to change and reset password, but the unlock account is then greyed out.  So which option do i use to allow the rights to unlock accounts?
0
 
MJB2011Author Commented:
0
 
MAS EE MVETechnical Department HeadCommented:
Glad to know you got it and thanks for sharing it.

Thanks
MAS
0
 
MJB2011Author Commented:
Full resolution
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now