Re: Delegate control questions

From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
Date: Wed, 22 Nov 2006 13:02:29 -0000

1) Where and how can I see what rights I have delegated to him?

Go yo the OU properties and select the Security tab (enable advanced view)

2) He cannot create computer or printer objects. What do I have to do to give him these rights

You can rerun the delegation wizard again or do it manually in security tab.

3) If DomainAdmin create computers in the branch OU the local admin does not see them (maybe the answer to 2 is also the solution to 3)

By default users have read access to all OUs if he doesn't see these newobjects means that replication didn't occur iet, you can force it if you want in ADSS or by command line.

4) I suppose I cannot remove read rights for other objects in the AD?

You can deny read access, that's one of the reasons for OU creation, but rather then denying to a user you should do this to a security group, same applies to delegation of control.
--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

"Tommy Forsman" <tofors99@xxxxxxxxxxx> wrote in message news:eG4NbuiDHHA.4024@xxxxxxxxxxxxxxxxxxxxxxx

Hi
Have created an OU for our branch office. Have delegated control to the local admin, so he can create users and groups, reset passwords, add computers to domain.

Some problems...

1) Where and how can I see what rights I have delegated to him?
2) He cannot create computer or printer objects. What do I have to do to give him these rights
3) If DomainAdmin create computers in the branch OU the local admin does not see them (maybe the answer to 2 is also the solution to 3)
4) I suppose I cannot remove read rights for other objects in the AD?

Tomppa

References:
- Delegate control questions
  - From: Tommy Forsman

Prev by Date: Reinstallation of FSMO DC
Next by Date: Re: Reinstallation of FSMO DC
Previous by thread: Re: Delegate control questions
Next by thread: Re: WMI Filter usuage in Group policy
Index(es):
- Date
- Thread

Relevant Pages

Re: Delegate control questions
... help of Delegation Of Control Wizrad. ... Yes it was a replciation problem, Now I can see all computers ... noticed that if the local admin creates an own mmc with ADUC snap he will ... se the whole AD but have only rights to do something in his OU ...
(microsoft.public.windows.server.active_directory)
Re: Delegate control questions
... help of Delegation Of Control Wizrad. ... Yes it was a replciation problem, Now I can see all computers ... noticed that if the local admin creates an own mmc with ADUC snap he will se ... the whole AD but have only rights to do something in his OU ...
(microsoft.public.windows.server.active_directory)
Re: Delegate control questions
... Go to Active Directory Users and Computers, ... help of Delegation Of Control Wizrad. ... Where and how can I see what rights I have delegated to him? ... If DomainAdmin create computers in the branch OU the local admin does ...
(microsoft.public.windows.server.active_directory)
Re: Limiting Access Rights to AD from Windows 2000 Professional
... to do a customize delegation within the wizard. ... > to review user information and change password. ... > the user access her MMC console she can make changes to ... > overwriting the rights on a particular OU? ...
(microsoft.public.win2000.active_directory)
Re: Mapping to W2003 user rights/access?
... > when it comes to access/user rights. ... I believe Clustering should need maximum Adminrights on the Cluster. ... > 6) Is there a granular delegation setting or something ... I wouldn't even use Account Operators, ...
(microsoft.public.windows.server.migration)