-----Original Message-----
At the appropriate container, select properties and then delegate control. For each
domain you will have to create a local group to add to the delegation. Then you will
need to create global groups for each domain and add the members from each domain and
then add each global group to the local group for each domain [assuming that is what
you want]. If you are in native mode you could possibly use a universal group
instead, though adding individual users to universal groups is not best practice
because of the way universal groups are handled with the global catalog server and
replication.
The delegation wizard will give you general options. If the general options are not
what you need, you will have to select custom task and select computer and/or user
objects and choose permissions you want to apply to those objects. The unlock account
is an example of a custom task and is described in the KB link below. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN- US;q294952
I need to have a group that members of the group can do
the following:
Reset account passwords
unlock accounts
join/remove computers from a domain
part 2 is how do I set this up when I have 2 domains in my
forest and I want to use the same group.
.
Brian Cook said:I have found the article on the unlock user account
however I have not found delegation procedures for the
others. Has anyone seen or is there a list of different
delegation tasks that are custom.
Thanks
Brian Cook
-----Original Message-----
At the appropriate container, select properties and then delegate control. For each
domain you will have to create a local group to add to the delegation. Then you will
need to create global groups for each domain and add the members from each domain and
then add each global group to the local group for each domain [assuming that is what
you want]. If you are in native mode you could possibly use a universal group
instead, though adding individual users to universal groups is not best practice
because of the way universal groups are handled with the global catalog server and
replication.
The delegation wizard will give you general options. If the general options are not
what you need, you will have to select custom task and select computer and/or user
objects and choose permissions you want to apply to those objects. The unlock account
is an example of a custom task and is described in the KB link below. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN- US;q294952
I need to have a group that members of the group can do
the following:
Reset account passwords
unlock accounts
join/remove computers from a domain
part 2 is how do I set this up when I have 2 domains in my
forest and I want to use the same group.
.