Create a delegation of control on an Active Directory infrastructure on Windows Server 2016

  • Windows Server
  • 2/2

2. Delegate a custom task using the Delegation of Control wizard

To delegate a custom task, open the Delegation of Control wizard.

Choose the users and/or groups to whom you want to delegate the task.

This time, we will delegate the task to our IT Manager.

This time, select "Create a custom task to delegate".

In the "Active Directory object type" step, you can choose to delegate control of all types of objects that are in the desired folder or only specific types of objects.
In our case, we are going to delegate control only on "Organizational Unit" and "User" type objects, and we authorize it to :

  • create selected objects in this folder
  • delete selected objects in this folder

3. Managed by

Another faster way to delegate control of a read-only domain controller (RODC) or group, for example, is to use the "Managed by" tab.
For example, below, we delegate the management of the "MySecurityGroup" group to our IT Manager by allowing him to update the list of members.

4. Manually manage Active Directory permissions

The last possibility is to delegate specific tasks or allow specific actions on specific types of objects to specific users and to go through the "Security" tab of the desired container.
Right click "Properties" on the desired container, go to the "Security" tab and click on : Advanced.

As you can see, many permissions already exist by default.
To add a permission, click on : Add.

To begin with, the "principal" to whom you want to allow or deny specific rights.

Indicate the name of the user or group that will receive the permissions (of type : allow or deny).

For the permission's type, you have the choice between :

  • allow
  • deny

A set of permissions can be applied to :

  • this object and all descendant objects
  • all descendant objects
  • descendant objects of the desired type : group, computer, site, user, ...

Here, you will find a long list of permissions.

But also a list of properties a little further down.

At the bottom, you can choose to apply these permissions only to objects and/or containers that are part of that container.

As you have manually chosen the permissions, the access displayed will be : Special.

The previously selected principal will also be displayed in the "Security" tab.

To see also

Comments

No comment

Share your opinion

Pinned content

Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.