Friday, October 30, 2009

OU Delegation

Imagine your infrastructure now contains several OUs of computers and users and you want to delegate them to different admin groups, including the rights to set their own group policies. How do you do this?

Launch "Active Directory Users and Computer". Right click on the OUs that you want to delegate and select "Delegate Control". Select the delegated groups and tasks. For full delegation, select "Create a custom task to delegate" and select all permissions subsequently as follows:

To assign the rights to create Group Policy, launch "Group Policy Management Console" and click on "Group Policy Objects". Click "Delegation" tab on right plane and add the delegated groups as follows:

1 comment:

  1. A more elegant way to delegate users to create group policy is to add them to the built-in "Group Policy Creator Owners" group