Re: Delegation Control Wizard is blank

Thanks again for your help Paul.
My ultimate goal is to have the users within this group:
1.) Add Users/modify User accounts
2.) Join computer to the domain

I believe the top two steps are all set.
But I would also like TechSupport to access DNS & DHCP without having to
grant them access to the DC. Is there a way to do this? I heard that there
is a DNS & DHCP admin application within the Support Tools ... is this true?
.... and if so which files are they? ... would I create a share on the DC make
a copy of those files and only give the TechSupport group access to these
files so that they can open and modify DNS & DHCP?
Thanks again for your help.
- Francisco


"Paul Williams [MVP]" wrote:

Should I create an OU named "Technical Support", create a group within
this OU and name it "Technical Support", and place the specific users
within this group? Then run the Delegation Control Wizard ... and see if
any security changes have occurred on the OU?

This is for testing? If so yes. Create a new OU and a new domain local
group and grant that group the permissions you want on that group. Then
test those permissions against some dummy objects with a user that is a
member of that group. Also, check the permissions on the OU and re-run
delegwiz and verify if you should be seeing what you think you should.

Note. Permissions/ delegations on an OU only apply to that OU and/ or its
children depending on the scope defined. Therefore, you will need to test
on objects in this OU and creating new ones, etc. The ones in CN=Computers
won't be affected by a delegation on OU=Testing, for example.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net



.

Relevant Pages

  • Re: granting access to dns, dhcp, wins
    ... to have like DNS & DHCP. ... >> I am working on delegation of control over different ... >> I've used the delegation of control wizard and individual ...
    (microsoft.public.win2000.setup)
  • Re: granting access to dns, dhcp, wins
    ... to have like DNS & DHCP. ... >> I am working on delegation of control over different ... >> I've used the delegation of control wizard and individual ...
    (microsoft.public.win2000.active_directory)
  • Re: DHCP IP lease renewal ok, but a new PC can not obtain an IP ("An e
    ... I guess the problem seen with DHCP from PC's is a symptom of another ... Note that both robert and tina are blade servers within the save blade ... Connection-specific DNS Suffix. ... I.e. DNS servers has their own IP as the first DNS server and another as ...
    (microsoft.public.windows.server.networking)
  • Re: dhcp not matching DNS
    ... What we are finding is the client will get a lease and you check dns ... and it does not match what was given by dhcp. ... To elaborate on scavenging and DnsUpdateProxy group that Meinolf mentioned, please read the following to gain a better understanding of how the whole thing works. ... Force DHCP to register all records, Forward and PTR, (whether a client ...
    (microsoft.public.windows.server.dns)
  • Re: Duplicate HOST A record entries on the reverse lookup Zone
    ... then 24 and did the manual/ start scavenging of the stale resource records ... Used the DHCP server to update DNS records: ... "Set Aging/Scavenging for All Zones. ...
    (microsoft.public.windows.server.dns)
Quantcast