Re: Custom Delegation in AD
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 10/03/04
- Next message: Joe Richards [MVP]: "Re: Possible to grant additional rights to a built-in group"
- Previous message: Andrew Mitchell: "Re: Interview questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 03 Oct 2004 12:26:47 -0400
You can set up a proxy system where the admin contacts a web page or uses some
tool that can do the work on the admins behalf.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net kusdjeff wrote: > You said that you cannot set that natively. Is there any way that you can do > it? > > Thanks, Jeff > > "Joe Richards [MVP]" wrote: > > >>You can't natively. The delegation has to be to the entire attribute or not at all. >> >> >> >>-- >>Joe Richards Microsoft MVP Windows Server Directory Services >>www.joeware.net >> >> >> >>kusdjeff wrote: >> >>>I have a question about AD delegation. I am in the process of creating an AD >>>custom delegation (modifying the delegwiz.inf). I am able to set all the >>>rights for my environment except one. How do I enable (delegate) my users >>>the ability to enable/disable accounts. I understand that there is a >>>'userAccountControl' option, but this grants too many rights. I only want my >>>users the ability to enable/disable accounts without affecting other rights >>>such as "Password Never Expires" and "User Cannot Change Password". How do I >>>go about doing this?? >>> >>>Thanks in advance, Jeff >>
- Next message: Joe Richards [MVP]: "Re: Possible to grant additional rights to a built-in group"
- Previous message: Andrew Mitchell: "Re: Interview questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
