Solved

Delegating permissions in Active Directory 2012

Posted on 2016-08-18
7
26 Views
Last Modified: 2016-08-23
Hi all,

Im trying to delegate rights for a user to be able to process simple tasks in Active Directory 2012 including reset passwords, unlock accounts, change passwords. I have gone through delegate access wizard but im not sure the best way to edit this after i have delegated rights.

What is the best way to do this?
0
Comment
Question by:MJB2011
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 41760927
I prefer to create groups named something like: Delegated - Account Management or Delegated - Helpdesk Role. With these groups, I assign several permissions to them and document the permissions in the group comments. When I need to edit additional permissions, I can open the security tab on the OU and head to advance - then I can specifically add/remove permissions for different classes of objects.
0
 

Author Comment

by:MJB2011
ID: 41760938
Yes thats what I have done, i specifically want to know how to edit the group access to allow password resets, and account unlocking.
0
 
LVL 25

Assisted Solution

by:-MAS
-MAS earned 500 total points
ID: 41760975
Agree with Joseph Moody
Create a group and apply the permission on the group.
In future if admin leaves you can assign the same permission by adding the new admin to the group and remove by just removing from the group.

Here is an explanation.
https://www.experts-exchange.com/questions/28960130/setup-delegation-in-Windows-2012-R2-active-directory.html

Thanks
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 

Author Comment

by:MJB2011
ID: 41761005
Im not sure if you understand. I know how to create a group and add member to it. I can do this. However, Im trying to work which access i have to delegate to just be able to delegate rights to change passwords and unlock accounts. For example, If i use the delegation wizard I can delegate right to change and reset password, but the unlock account is then greyed out.  So which option do i use to allow the rights to unlock accounts?
0
 

Accepted Solution

by:
MJB2011 earned 0 total points
ID: 41761018
0
 
LVL 25

Expert Comment

by:-MAS
ID: 41761023
Glad to know you got it and thanks for sharing it.

Thanks
MAS
0
 

Author Closing Comment

by:MJB2011
ID: 41766630
Full resolution
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question