Delegating Administrative Tasks
This chapter has dealt with how to ensure the security of Active Directory objects. The discussion thus far has been in preparation for this section, which deals with using these security options to delegate administrative tasks. Because every object—indeed every property on every object—in Active Directory has an ACL, you can control administrative access down to any property on any object. This means that you can grant other Active Directory administrators very precise permissions so that they can perform only the tasks they need to do.
While you can get extremely specific about delegating administrative rights, you should maintain a balance between keeping things as simple as possible and still meeting your security ...
Get Active Directory® for Microsoft® Windows® Server 2003 Technical Reference now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.