Delegate AD permissions

  • Thread starter Thread starter Jay
  • Start date Start date

Jay

Jay

Jay

Associate
Joined
18 Oct 2002
Posts
1,650
Location
North West
Hi All,

Quick question. Is there a (free or purchasable) tool that allows admins to delegate permissions for normal users to manage a single security group membership permissions in AD without having to delegate permission to a whole OU?


I've seen one called ADManager Plus, which is a web based tool. Any reviews on this?
 
You can do it using the standard ADUC tools. There are two ways you can do this,:

1. Click on the Group and go to the 'Managed By'. Choose the name of the user to manage the group and ensure 'Manager can update Membership list' is checked.
OR
2. Click on the Group and go to the Security Tab. Click on Advanced button and choose the user or group you wish to manage the group. A 'Permission Entry for' dialog box opens. Click on Properties tab. Select 'Group Objects' on the 'Apply Onto' checkbox. In the list, ensure 'Read Members' and 'Write Members' is checked.

You can't seem to select groups in option 1, only users. Howerver, you can choose users or groups in option 2.

If you want to perform this on many groups at once, then it maybe worth writing a vb or powershell script.
 
You must log in or register to reply here.
Back
Top Bottom