Delegation Of Control
- From: Mathew V <mvlandys@xxxxxxxxx>
- Date: 18 May 2007 19:07:01 -0700
Hi All,
The company I work for is running a Microsoft Windows Server 2003 AD
Domain: example.local
Here is our AD structure:
example.local
|__Australia
+|__Finance
+|__Developers
+|__Managers
|__India
+|__Finance
+|__Developers
+|__Managers
+|__India IT
|__UK
+|__Finance
+|__Developers
+|__Managers
|__IT
|__Exchange
+|__Resource Mailboxes
+|__Distribution Groups
+|__Contacts
|__Builtin
|__Computers
|__ForeignSecurityPrincipals
|__Users
|__Groups
As you can see, the way it was designed is country specific... I know
we could have au.example.local, india.example.local etc. etc., but we
have chosen to do it this way.
Our internal IT users reside in the IT OU which are our domain admins,
exchange admins etc etc
Due to time delays & some other reasons we have outsourced some IT
personnel in India to take care of basic admin duties such as:
*Resetting Passwords
*Unlocking Accounts
*Adding users to security groups & email distribution groups
etc.. etc..
I have delegated most of these tasks onto the India OU for the India IT
users. Though for them to be able to manage email/security group
membership for the Indian users they must have read/write access on
the "Distribution List" OU & the "Groups" OU. Though I do not want
them to be able to add/remove other users from groups that reside in
these OUs.
What do you suggest I do?