Avatar of waltforbes
Flag for Bahamas

asked on 

How to enable users to manage "AD Sites and Services" snap-in (dssite.msc) without placing them in Domain Admins or Enterprise Admins groups?

Points of My Scenario:

1. I am admin of a Windows Server 2008 R2 domain

2. I need to enable select users to replicate Active Directory changes using dssite.msc (AD Sites and Services snap-in)- without placing them in the Domain Admins or Enterprise Admins groups.

3. I want to create a group, then use Delegation of Control Wizard or an appropriate Active Directory object's ACL to enable this custom group to have the access mentioned in point 2.

QUESTION: What is the best way to grant a custom group the permissions to use dssite.msc (Active Directory Sites and Services) to manually manage replication?

Windows OSWindows Server 2008Active Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon