June 2017
Beginner to intermediate
742 pages
18h 29m
English
Content preview from Mastering Active Directory
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Using object ACLs
User or group access and permissions to a shared folder are controlled by the ACL. Similarly, we can define permissions to Active Directory objects. This can be applied to the individual object or the AD site/domain/OU and then inherit to lower-level objects.
As an example, I have a security group called First Line Engineers, and Liam is a member of this group. Liam is an engineer in the Europe office. In the Active Directory environment, he should allow to add user objects under any sub-OU in the Europe OU. But he should not be allowed to delete any object under it. Let's look at how we can do this using ACLs:
- Log in to the domain controller as Domain Admin/Enterprise Admin.
- Review the group membership using the following ...