Limiting AD administration tasks

  • Thread starter Thread starter Steve
  • Start date Start date
S

Steve

I have a generic domain account that is used to be able
to log into our domain controllers. I want to be able to
have this account log in and do BASIC AD administration
tasks such as reset a password and nothing else. I intend
to use the "run as" command and a seperate account to do
the major administraion (creating ou's etc.) How do I
limit the generic account from being able to create ou's
and do other major adminstration but yet allow them to
reset passwords etc?

Thanks in Advance,

Steve
 
Hello Steve

Take a look at Delegate Control Wizard, You can use this Wizard at OU and
Domain level, to delegate servels administrative tasks.

if you right click at Domain our OU level you can select the "Delegate
Control Wizard" and the guide appers.

You can read this howto to found out more information
http://www.microsoft.com/technet/tr...rodtechnol/windows2000serv/howto/delestep.asp

another thing you can do to simplify the daily adminstrative tasks as
rest-password etc is to make a customize MMC Consoel, ther you create
shortcut to the tasks.

More information about how to create a personal MMC Console:
http://www.microsoft.com/technet/tr...rodtechnol/windows2000serv/howto/mmcsteps.asp

//Christoffer Andersson
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Restrict user 3
AD for Multi tenancy 0
Unlock acct permissions 13
taskpad view enable account 1
Restricting built-in groups 3
Password Export error ADMT 3 1
AD restore questions 5
Multiple administrators, Site Administrators 1

Back
Top