Using the delegate control method in AD

This works similar to ACLs, but it simplifies the privilege management as it uses the following:

  • The Delegation of Control Wizard can be used to apply delegated permissions
  • Predefined tasks can be used and permissions are assigned to those tasks

This wizard contains the following predefined tasks, which can be used to assign permissions:

  • Create, delete, and manage user accounts
  • Reset user passwords and force a password change at the next logon
  • Read all user information
  • Create, delete, and manage groups
  • Modify the membership of a group
  • Manage Group Policy links
  • Generate Resultant Set of Policy (Planning)
  • Generate Resultant Set of Policy (Logging)
  • Create, delete, and manage inetOrgPerson accounts

Get Mastering Active Directory now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.