Points of My Scenario:
1. I am admin of a Windows Server 2008 R2 domain
2. I need to enable select users to replicate Active Directory changes using dssite.msc (AD Sites and Services snap-in)- without placing them in the Domain Admins or Enterprise Admins groups.
3. I want to create a group, then use Delegation of Control Wizard or an appropriate Active Directory object's ACL to enable this custom group to have the access mentioned in point 2.
QUESTION: What is the best way to grant a custom group the permissions to use dssite.msc (Active Directory Sites and Services) to manually manage replication?
Experts Exchange (EE) has become my company's go-to resource to get answers. I've used EE to make decisions, solve problems and even save customers. OutagesIO has been a challenging project and... Keep reading >>