Senior IT Specialist

waltforbes

<div>
Hi Seth, many thanks for your answer. The reason I need to do this is that sometimes an alias or ACL (or other AD change) needs to be updated immediately. It could be due to DR (disaster recovery) concerns or troubleshooting.
</div>

<div>
<div class="content wysiwyg-content fr-view">
Points of My Scenario:1. I am admin of a Windows Server 2008 R2 domain 2. I need to enable select users to replicate Active Directory changes using dssite.msc (AD Sites and Services snap-in)- without placing them in the Domain Admins or Enterprise Admins groups. 3. I want to create a group, then use Delegation of Control Wizard&nbsp;or an appropriate Active Directory object's ACL to enable this custom group to have the access mentioned in point 2. QUESTION: What is the best way to grant a custom group the permissions to use dssite.msc (Active Directory Sites and Services) to manually manage replication?
</div>
</div>


Points of My Scenario:
1.
I am admin of a Windows Server 2008 R2 domain
2.
I need to enable select users to replicate Active Directory changes using
dssite.msc
(
AD Sites and Services
snap-in)- without placing them in the Domain Admins or Enterprise Admins groups.
3.
I want to create a group, then use
Delegation of Control Wizard 
or an appropriate Active Directory object's ACL to enable this custom group to have the access mentioned in point 2.
QUESTION:
What is the best way to grant a custom group the permissions to use dssite.msc (Active Directory Sites and Services) to manually manage replication?

How to enable users to manage &quot;AD Sites and Services&quot; snap-in (dssite.msc) without placing them in Domain Admins or Enterprise Admins groups?

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

How to enable users to manage &quot;AD Sites and Services&quot; snap-in (dssite.msc) without placing them in Domain Admins or Enterprise Admins groups?

How to enable users to manage "AD Sites and Services" snap-in (dssite.msc) without placing them in Domain Admins or Enterprise Admins groups?