17.9. Delegating Control of Managing an Application Partition
Problem
You want to delegate control over the management of an application partition.
Solution
Using a graphical user interface
Open ADSI Edit.
Connect to the Configuration naming context of the forest the application partition is in if it is not already present in the left pane.
Expand the Configuration naming context and click on the Partitions container.
In the right pane, right-click on the crossRef object that represents the application partition and select Properties.
Click the Security tab.
Click the Advanced button.
Click the Add button.
Use the object picker to find the user or group you want to delegate control to and click OK.
Click the Properties tab.
Under Allow, check the boxes beside Write msDS-NC-Replica-Locations, Write msDS-SDReferenceDomain, Write msDS-Replication-Notify-First-DSA-Delay, and Write msDS-Replication-Notify-Subsequent-DSA-Delay.
Click OK.
Using a command-line interface
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-NC-Replica-Locations
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-SDReferenceDomain
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-First-DSA-Delay
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-Subsequent-DSA-Delay
Using VBScript
' This script delegates control over the four key attributes
' of an app partition to the specified user or group.
' ------ SCRIPT CONFIGURATION ------
...
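Checking the result of the delegation: the following PowerShell is an added example, not code from the book. It lists every principal that holds write access to the four attributes on the partition's crossRef object. It assumes the RSAT ActiveDirectory module is installed, and the partition DN shown is a constructed placeholder.

```powershell
# Added example: audit write access to the four delegated attributes on an
# application partition's crossRef object.
# Assumption: RSAT ActiveDirectory module; $AppPartitionDN is a placeholder value.
Import-Module ActiveDirectory

$AppPartitionDN = 'DC=apps,DC=example,DC=com'   # placeholder: your application partition
$Attributes = 'msDS-NC-Replica-Locations',
              'msDS-SDReferenceDomain',
              'msDS-Replication-Notify-First-DSA-Delay',
              'msDS-Replication-Notify-Subsequent-DSA-Delay'

$rootDse = Get-ADRootDSE

# Locate the crossRef object for the partition in the Partitions container.
$crossRef = Get-ADObject -SearchBase "CN=Partitions,$($rootDse.configurationNamingContext)" `
    -LDAPFilter "(&(objectClass=crossRef)(nCName=$AppPartitionDN))"
if (-not $crossRef) { throw "No crossRef found for $AppPartitionDN" }

# ACEs reference attributes by schemaIDGUID, so map each GUID back to its name.
$guidToName = @{}
foreach ($name in $Attributes) {
    $schemaObj = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=$name)" -Properties schemaIDGUID
    if (-not $schemaObj) { throw "Attribute $name not found in schema" }
    $guidToName[([guid]$schemaObj.schemaIDGUID).ToString()] = $name
}

$write     = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$emptyGuid = [guid]::Empty.ToString()

# Report each Allow ACE granting WriteProperty on one of the four attributes,
# or on all properties (empty ObjectType), which covers them as well.
(Get-Acl -Path "AD:\$($crossRef.DistinguishedName)").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $write) -eq $write) -and
        ($guidToName.ContainsKey($_.ObjectType.ToString()) -or
         $_.ObjectType.ToString() -eq $emptyGuid)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited,
        @{ n = 'Attribute'; e = {
            if ($_.ObjectType.ToString() -eq $emptyGuid) { '(all properties)' }
            else { $guidToName[$_.ObjectType.ToString()] } } } |
    Sort-Object Attribute, IdentityReference |
    Format-Table -AutoSize
```

The report does not expand property-set ACEs, so a grant made through a property set that contains one of these attributes will not appear in it.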