Tag: Delegate Control

Allow Domain User To Update Department Field in Active Directory

Ulv BjørnssonLeave a comment

In this article we’ll go through the steps to allow a domain user that is a member of a security group, to update the Department field in Active Directory

So open up Active Directory Users and Computers and create a Security Group that we will delegate control to, for this example we have created a group called “RL_Update_AD_Users_Department_Field”

pep

Now we have to also choose the container that this group can edit Users in to for this example we have a “Users”-container in our “domain“.

RoyalTS_2017-05-08_13-58-06

This opens up the Delegation of Control Wizard. Hit Next.

2017-05-08_14-11-21

Read More »

Allow Domain User To Update Manager Field in Active Directory

Ulv BjørnssonLeave a comment

In this article we’ll go through the steps to allow a domain user that is a member of a security group, to update the manager field in Active Directory.

So open up Active Directory Users and Computers and create a Security Group that we will delegate control to, for this example we have created a group called “RL_Update_AD_Users_Manager_Field”

 

Now we have to also choose the container that this group can edit Users in to for this example we have a “Users”-container in our “domain“.

RoyalTS_2017-05-08_13-58-06.png

This opens up the Delegation of Control Wizard. Hit Next.

2017-05-08_12-30-50

Read More »

Allow Domain User To Add Computer to Domain

Ulv Bjørnsson1 Comment

In this guide we’ll go through the steps to allow a domain user, to add a computer to the domain. This can be nice in scenarios where some of the preparation for a PC is done by office staff, or if there are branch offices that need to re-join after resetting a PC and so-on.

An authenticated user, has by default the right to join up to 10 computers to the domain. After exceeding this limit the user will recieve an error message.

To get around this we can delegate the right to Create Computer Objects in Active Directory. This ensures that there is no restriction on number of computer objects that the user with this delegation right can add to the domain.

The best way of achieving this is by delegating control to a “Security Group” that we create in “Active Directory”

Delegating rights to User/Group with Active Directory Users and Computers

Read More »