delegation of Control

O

orly

I have two different OUs
Region-A Delegated to Userx, Full control on GRoups and
User.

Region-B-Delegated to userb, Full control(users and
GRoups) on his respective OU

How can I make sure that userx cannot add members to his
groups from outside his OU.

He can only play in his respective ou on group membership
thanks
 
J

Joe Richards [MVP]

You can not do this without taking away the rights to modify the group
membership and forcing them to do it through some sort of proxy tool. If you can
manipulate the member attribute, you can add any User/Contact/Group DN from the
forest you want.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegation of rights 4
Restrict view of AD 9
Delegation of control 1
Taskpad crash 1
Delegation 1
ADMT ver2 - users not being added to correct groups 1
Custom MMC for OU 2
Problems to Add users to group 3

Top