Delegating Control of Organizational Units
If you have a distributed IT organization, you may want to delegate control of local OUs to individuals or teams at each location. This section explains how to use the Delegation of Control wizard to allow groups or individuals to administer certain functions of an OU.
- Open Active Directory Users and Computers.
- Right-click on the OU you want to delegate control over. Select Delegate Control.
- The Delegation of Control Wizard opens. Click Next.
- Click Add to add a user or group.
- Enter the name of the user or group you want to delegate control to, and click OK.
- Click Next.
- Select the common tasks you want this user or group to perform. In the example, we select the common account management tasks. If this were our helpdesk, we would simply select the ones they need, e.g. Read all user information and Reset user passwords.
- Click Next.
- Click Finish to close the wizard.
You can repeat this process for other users or groups if you want them to have different security rights.
If you right-click on the OU you just changed and select Properties, then click the Security tab, you can see that the group or user you added is now listed in the Access Control List. Click on Advanced to see the advanced permissions they have.
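The same check as the Security tab's Advanced view can be scripted, which helps when you need to review what a delegation actually granted on several OUs. The script below is an added example, not part of the original tutorial; it assumes Windows PowerShell on a domain-joined machine, and the OU distinguished name and group name are placeholders.

```powershell
# Added example: list the explicit ACEs a delegation left on an OU.
# $OuDn and $Group are placeholders; substitute your own values.
param(
    [string]$OuDn  = 'OU=Branch,DC=example,DC=com',
    [string]$Group = 'EXAMPLE\PCSupport'
)

Add-Type -AssemblyName System.DirectoryServices

# Schema GUIDs worth naming in the output; anything else prints as a raw GUID.
$guidNames = @{
    '00000000-0000-0000-0000-000000000000' = '(all)'
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (extended right)'
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user (object class)'
}
function Resolve-GuidName([guid]$Guid) {
    $key = $Guid.ToString()
    if ($guidNames.ContainsKey($key)) { $guidNames[$key] } else { $key }
}

# Rights that let the trustee rewrite the ACL or take ownership.
# GenericAll contains both bits, so full control is flagged as well.
$aclControl = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner'

$ou  = [ADSI]"LDAP://$OuDn"
$acl = $ou.psbase.ObjectSecurity
# Explicit ACEs only (first argument), skipping inherited ones (second argument).
$rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])

$rules |
    Where-Object { $_.IdentityReference.Value -eq $Group } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Type       = $_.AccessControlType
            Rights     = $_.ActiveDirectoryRights
            Object     = Resolve-GuidName $_.ObjectType
            AppliesTo  = Resolve-GuidName $_.InheritedObjectType
            Scope      = $_.InheritanceType
            CanEditAcl = (([int]$_.ActiveDirectoryRights -band $aclControl) -ne 0)
        }
    } |
    Format-Table Type, Rights, Object, AppliesTo, Scope, CanEditAcl -AutoSize
```

For a helpdesk group delegated only password resets, expect an ExtendedRight entry for Reset Password that applies to user objects, with CanEditAcl reported as False on every row.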
In this section, you learned:
- The Organizational Unit structure
- Modifying permissions for Active Directory objects
- Delegating control of Organizational Units
Practice Exercises
1. Create an Organizational Unit.
2. Create a user account. Create a PCSupport group. Change permissions on the user account to allow PCSupport to make changes to the account.
3. Delegate control of the OU to PCSupport.
Congratulations!
You have completed the Managing Access to Resources and Managing Printing sections, Part 2 of the Managing and Maintaining a Windows Server 2003 Environment (exam 70-290) tutorial.
Managing access to files, folders, printers, Organizational Units, and other resources is a crucial part of your job as a systems administrator. A solid foundation in Windows Server 2003 security will be essential to your career and to the 70-290 exam objectives.