Delegating Administrative Tasks

This chapter has thus far discussed how to ensure the security of Active Directory objects. This has been in preparation for this section, which applies the security options to delegate administrative tasks. Because every object in Active Directory has an ACL, you can control administrative access down to any property on any object. This means that you can grant other Active Directory administrators very precise permissions so that they can perform only the tasks they need to do.

Although you can get extremely specific about delegating administrative permissions, you should maintain a balance between keeping things as simple as possible and meeting your security requirements. In most cases, delegating administrative ...

Get Windows Server® 2008 Active Directory® Resource Kit now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.