17.9. Delegating Control of Managing an Application Partition


You want to delegate control over the management of an application partition.


Using a graphical user interface

  1. Open ADSI Edit.

  2. Connect to the Configuration naming context of the forest the application partition is in if it is not already present in the left pane.

  3. Expand the Configuration naming context and click on the Partitions container.

  4. In the right pane, right-click on the crossRef object that represents the application partition and select Properties.

  5. Click the Security tab.

  6. Click the Advanced button.

  7. Click the Add button.

  8. Use the object picker to find the user or group you want to delegate control to and click OK.

  9. Click the Properties tab.

  10. Under Allow, check the boxes beside Write msDS-NC-Replica-Locations, Write msDS-SDReferenceDomain, Write msDS-Replication-Notify-First-DSA-Delay, and Write msDS-Replication-Notify-Subsequent-DSA-Delay.

  11. Click OK.

Using a command-line interface

> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-NC-Replica-Locations
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-SDReferenceDomain
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-[RETURN]
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-[RETURN]

Using VBScript

' This script delegates control over the four key attributes ' of an app partition to the specified user or group. ' ------ SCRIPT CONFIGURATION ------ ...

Get Active Directory Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.