Re: Delegating AD Rights (Enable/Disable Accounts)



Unfortunately, due to the small scale of the project and the fact that it
won't be used that often, 2 users managing 6 accounts between them, a
commercial package can't be justified. Had I a budget for this I'd have ordered
Javlina's ADtoolkit in a flash as it does exactly what I want out of the box.

For this a homegrown script/app is a must although I appreciate the sales
pitch.

--
Regards,
Sam Gaw


"David Denmark" wrote:

Sam Gaw wrote:
I'm in the middle of trying to work out how to delegate control over
user accounts in AD to non-admin staff so that they will be able to
enable & disable guest accounts within a specific OU.

Originally I had looked at just building up a custom MMC and only
delegating the enable/disable permissions to a security group that
would then use the snap-in, but because this will be used by non-
technical staff even that confused them, so I'm now looking at the
option of an HTA app or something along those lines where the only
thing shown to the staff is the accounts & the enable/disable
buttons.

Unfortunately this has proven more difficult than I originally thought
it would be & was wondering if anyone had done anything remotely
similar or had any pointers to get me moving in the right direction?

Any help or advice on this would be very much appreciated.

Hi Sam,

Instead of working with standard Microsoft tools, I would recommend that you
take a look at the User Management Resource Administrator Forms & Delegation
module. With it, you can create an easy to use interface (functions similar
to a web form) that is connected to scripts to handle user management (such
as enable/disable). Also part of the UMRA are powerful LDAP tables, that can
search AD and show you a specific set of results for your users to view
(such as all enabled users in a specific OU for the Disable User form, vice
versa for the Enable User form).

On top of all of this, you do not need to give your non-admin users
administrative privileges on the network, or even any special permissions as
Domain User rights will work just fine. The UMRA works as a proxy service to
Active Directory, allowing users that have permission to load a project,
access to execute the project. Users that do not have permission to run it
will not even see the form. The Form client handles all authentication for
the users, so all you need to do is map a shortcut to the client and your
forms are ready to go. For more information on the security aspects, please
let me know.

You can check out the UMRA at our web site www.advtoolware.com or send us an
e-mail to support -at- advtoolware -dot- com.

Thanks,

Dave Denmark
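
The delegation Sam describes (a security group allowed only to enable or disable guest accounts in one OU) can be sketched as follows; this is an added example, not code from anyone in the thread. The OU path, group name and function names are placeholders chosen for illustration, and it assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $GuestOU and $Delegates are placeholder values (assumptions).
$GuestOU   = 'OU=Guests,DC=example,DC=com'
$Delegates = 'EXAMPLE\GuestAccountOperators'

# One-time step, run by a domain admin.
# Grants the group read/write on the userAccountControl attribute only,
# inherited to user objects below the OU (/I:S = child objects only).
# That attribute carries other flags besides "account disabled", so keep
# the OU limited to guest accounts and audit changes made under it.
function Grant-GuestToggleRight {
    dsacls.exe $GuestOU /I:S /G "${Delegates}:RPWP;userAccountControl;user"
}

# Day-to-day step, run by a delegated non-admin user.
function Get-GuestAccount {
    Get-ADUser -SearchBase $GuestOU -SearchScope Subtree -Filter * |
        Select-Object SamAccountName, Enabled
}

function Set-GuestAccountState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Restrict input to plain account-name characters before it is
        # placed in the search filter.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName,

        [Parameter(Mandatory)]
        [ValidateSet('Enable', 'Disable')]
        [string]$Action
    )
    # Resolve the account inside the guest OU only, so a mistyped name
    # cannot touch an account elsewhere even if the caller has wider rights.
    $user = Get-ADUser -SearchBase $GuestOU -Filter "SamAccountName -eq '$SamAccountName'"
    if (-not $user) { throw "No account '$SamAccountName' under $GuestOU" }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, $Action)) {
        if ($Action -eq 'Enable') { Enable-ADAccount -Identity $user }
        else                      { Disable-ADAccount -Identity $user }
    }
    # Return the resulting state so a front end can refresh its list.
    Get-ADUser -Identity $user | Select-Object SamAccountName, Enabled
}

# Example calls (constructed account name):
#   Get-GuestAccount
#   Set-GuestAccountState -SamAccountName guest01 -Action Disable -WhatIf
```

A front end such as the HTA Sam mentions would only need to list the output of `Get-GuestAccount` and call `Set-GuestAccountState`; the access control itself stays in the directory ACL, not in the script.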



