Delegation of Administrative rights

[Guest]

Hi,

I would like to enable a sub-group of adminstrators the ability to
administer their own network as part of our domain. I would like them to be
able to add/delete users, add/remove workstations, create gpo's etc...

I don't want them to have access to all of the AD Users and Computers
structure though, just the OU that they're in. When they add users /
computers to the domain is there some way to force users/computers to go in
their OU, not the default users or computers OU?

Thanks.

 

[taranis]

You could try using netdom.exe and a .bat script. I've done it before
but I did not write the script and I can't find it...sorry. Maybe
some1 else here knows how?

 

[lforbes]

Hi,

I would like to enable a sub-group of adminstrators the
ability to
administer their own network as part of our domain. I would
like them to be
able to add/delete users, add/remove workstations, create
gpo's etc...

I don't want them to have access to all of the AD Users and
Computers
structure though, just the OU that they're in. When they add
users /
computers to the domain is there some way to force
users/computers to go in
their OU, not the default users or computers OU?

Thanks.

Hi,

You can delegate control over the OU’s however, I haven’t figured out
a way for computers to automatically put themselves in an OU when they
are added to the domain. I don’t use the computers container for
anything but I always have to move the computers added from there
manually. You might be able to script it but I am not sure. Post your
answer here if you figure it out.

Cheers,

Lara