waltforbes
asked on
How to enable users to manage "AD Sites and Services" snap-in (dssite.msc) without placing them in Domain Admins or Enterprise Admins groups?
Points of My Scenario:
1. I am admin of a Windows Server 2008 R2 domain
2. I need to enable select users to replicate Active Directory changes using dssite.msc (AD Sites and Services snap-in)- without placing them in the Domain Admins or Enterprise Admins groups.
3. I want to create a group, then use Delegation of Control Wizard or an appropriate Active Directory object's ACL to enable this custom group to have the access mentioned in point 2.
QUESTION: What is the best way to grant a custom group the permissions to use dssite.msc (Active Directory Sites and Services) to manually manage replication?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER