Re: Delegation of groups admin. - restricted to a subset of objects
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Thu, 18 Jan 2007 15:56:30 -0500
Actually you can add ANY AD object, doesn't have to be a security principal. Of course, anything other than a security principal isn't going to grant anything...
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Jorge de Almeida Pinto [MVP - DS] wrote:
the original poster states:.
"only add a certain set of computers as members to a set of groups"
this is not possible!
why?
if you are delegated the right to manage group membership, you are delegated the right to make EVERY SECURITY PRINCIPAL (users,groups,computers) a member of that group
- References:
- Re: Delegation of groups admin. - restricted to a subset of objects
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: Delegation of groups admin. - restricted to a subset of objects
- Prev by Date: Re: Last Login for Computer Accounts
- Next by Date: Re: Email address not shown in AD, but delivered to wrong user
- Previous by thread: Re: Delegation of groups admin. - restricted to a subset of objects
- Next by thread: Re: Delegation of groups admin. - restricted to a subset of objects
- Index(es):
Relevant Pages
|
Loading
