September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
17.9. Delegating Control of Managing an Application Partition
Problem
You want to delegate control over the management of an application partition.
Solution
Using a graphical user interface
Open ADSI Edit.
Connect to the Configuration naming context of the forest the application partition is in if it is not already present in the left pane.
Expand the Configuration naming context and click on the
Partitionscontainer.In the right pane, right-click on the
crossRefobject that represents the application partition and select Properties.Click the Security tab.
Click the Advanced button.
Click the Add button.
Use the object picker to find the user or group you want to delegate control to and click OK.
Click the Properties tab.
Under Allow, check the boxes beside Write msDS-NC-Replica-Locations, Write msDS-SDReferenceDomain, Write msDS-Replication-Notify-First-DSA-Delay, and Write msDS-Replication-Notify-Subsequent-DSA-Delay.
Click OK.
Using a command-line interface
> dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-NC-Replica-Locations > dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-SDReferenceDomain > dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-[RETURN] First-DSA-Delay > dsacls <AppPartitionCrossRefDN> /G <UserOrGroup>:RPWP;msDS-Replication-Notify-[RETURN] Subsequent-DSA-Delay
Using VBScript
' This script delegates control over the four key attributes ' of an app partition to the specified user or group. ' ------ SCRIPT CONFIGURATION ------ ...