Delegation of Control

In previous lessons, you’ve learned how to create users, groups, computers, and OUs. Your ability to perform those actions was dependent on your membership in the Administrators group of the domain.

Use the buttons below to navigate through the lesson

You would not want every user on your help desk team to be a member of the domain’s Administrators group just to reset user passwords and unlock user accounts. Instead, you should enable the help desk and each role in your organization to perform the tasks that are required of the role and no more. In this lesson, you’ll learn how to delegate specific administrative tasks within Active Directory. In this exercise you will delegate control of managing user accounts and passwords in the Managers OU to the helpdesk group.

Right click the OU and select Delegate Control. Click Next. Click Add. Type in part or the entire name of the group select  Check Names. Click OK. Assign the tasks to delegate then click Next. The helpdesk group will now have control of user accounts in the Mangers OU. Their permissions will not extend beyond this single OU. Click Finish to complete the wizard.