• Status: Solved

Issue in Remote Login & delegating permissions

Dear Experts,

In my environment, AD is configured on Windows Server 2012 and Exchange 2013 is also installed. I need to give some rights to 5-10 users. The rights are creating users, editing, deleting, password reset, creating new mail IDs or editing in Exchange Server, and also creating new Group Policy. I don't want to give them full admin rights.

My second question is: when I try to connect to the remote server as one of the domain users, I get the below error:

“To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you’re in does not have the right, or  if the right has been removed from the Administrators group, you need to be granted the right manually.”

Regards,
JCT
 
Mahesh (Architect) commented:
What is the remote server? Is it a DC?

Add the required user to the Recipient Management group in AD; this will allow that user to create / remove mailboxes and manage other Exchange-specific attributes.

Also add the same user to the "Account Operators" built-in AD group so that he can manage / create / delete users.
If this is wide open, then use the delegation of authority wizard in AD and grant password reset or any other permissions.
You will find a lot of articles on delegating rights.

Last question:
Is the remote server a DC?
If not, edit the local security policy on the server and grant the user the "Allow log on through Remote Desktop Services" user right; also add the Domain Admins and Administrators groups there.
If this is a DC, then apply the same policy settings under the default domain controller policy.
 
jct_777 (Author) commented:
Hi,

I don't want to add them to the Account Operators built-in group. Can we just give some delegation rights to those users?
Also, the remote server is a DC.

Regards,

JCT
 
jct_777 (Author) commented:
Hi,

The attached image contains the error I get when I try to log in as a domain user to the remote server, i.e. the Domain Controller.

Regards,

JCT
Remote-error.JPG
 
yo_bee (Director of Information Technology) commented:
You can install RSAT on the 5-10 user machines. This will give them the ADUC.msc, which will give them access to the objects in AD. You still need to delegate rights for this. This could be to the entire domain or specific OUs.

Here are some links that can help.
Here are 2 links to RSAT (Windows 7 and Windows 10).
Windows 7
https://www.microsoft.com/en-us/download/details.aspx?id=7887

Windows 10
https://www.microsoft.com/en-us/download/details.aspx?id=45520

How to delegate access to AD.
http://www.grouppolicy.biz/2010/09/how-to-delegate-ad-permission-to-organisational-units-using-the-powershell-command-add-qadpermission/

For the Exchange part, you can install the EMC tools like the RSAT tools, but you will need to add these 5-10 users to the default Recipient Management role-based group.

If you set up these tools and rights, these users should be able to administer AD and Exchange without having to remote directly on to any server.
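
The OU-scoped delegation that both answers above point to, as an added example that is not part of the original thread: it grants a group create/delete of user objects and password reset on a single OU with `dsacls`, then reads the resulting ACEs back for review. The domain `example.com`, the OU `Staff` and the group `EXAMPLE\UserAdmins` are assumed names; run it from a workstation with RSAT under an account allowed to change the OU's ACL.

```powershell
# Added example. Assumed names (constructed, not from the thread):
# domain example.com, OU "Staff", group EXAMPLE\UserAdmins holding the 5-10 users.
Import-Module ActiveDirectory   # installed with RSAT; provides the AD: drive

$ou    = 'OU=Staff,DC=example,DC=com'
$group = 'EXAMPLE\UserAdmins'

function Grant-OuRight {
    param(
        [string]$Inherit,      # T = this object and sub-objects, S = sub-objects only
        [string]$Permission    # dsacls permission string, e.g. 'CCDC;user'
    )
    # ${group} needs braces: "$group:..." would be parsed as a drive-qualified variable.
    & dsacls.exe $ou "/I:$Inherit" /G "${group}:$Permission" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for '$Permission' on $ou" }
}

# Create and delete user objects anywhere under the OU.
Grant-OuRight -Inherit T -Permission 'CCDC;user'

# Reset passwords on user objects below the OU.
Grant-OuRight -Inherit S -Permission 'CA;Reset Password;user'

# Write pwdLastSet so "user must change password at next logon" can be set.
Grant-OuRight -Inherit S -Permission 'WP;pwdLastSet;user'

# Read the ACEs back: confirm the group received only what was intended.
$aces = (Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference.Value -eq $group }

$aces | Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType,
                     InheritanceType, IsInherited -AutoSize

# Flag grants that go beyond this delegation (full control or ACL/owner changes).
$broad = $aces | Where-Object {
    $_.ActiveDirectoryRights -match 'GenericAll|WriteDacl|WriteOwner'
}
if ($broad) {
    Write-Warning "$group holds broad rights on ${ou}:"
    $broad | Format-List ActiveDirectoryRights, ObjectType, IsInherited
}
```

Because the rights sit on one OU rather than on a built-in group, accounts outside that OU are not affected by the delegation.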
 
jct_777 (Author) commented:
Hi,

I will do the testing & will keep you updated.

Regards,
JCT
 
yo_bee (Director of Information Technology) commented:
The RSAT is a multiple-step process.
Step 1: Install the RSAT msu file.
Step 2: Control Panel | Programs and Features | Features | select the proper tools you need.

 
jct_777 (Author) commented:
Got solved.
Regards,

JCT