OU adminstration in Active Directory

G

Guest

We plan to deligat control of OUs in our AD domain to departmental admin who will need to add users, computers, groups, etc. to the OUs they maintain. The deligation wizard makes the deligation of control easy, but now I'm stuck on tools they canuse to manage their OU. Is there a version of AD Users and Computers that they can run from their workstations or do I need to allow them logon access to the Domain Controller? Also, what groups should their users be in? I don't want to make them Domain Admins, would "Server Operators" be adequate and appropriate? I don't want them to be able to manage anything outside of their OU.
 
B

Brian

-----Original Message-----
We plan to deligat control of OUs in our AD domain to
Click to expand...
departmental admin who will need to add users, computers,
groups, etc. to the OUs they maintain. The deligation
wizard makes the deligation of control easy, but now I'm
stuck on tools they canuse to manage their OU. Is there a
version of AD Users and Computers that they can run from
their workstations or do I need to allow them logon access
to the Domain Controller? Also, what groups should their
users be in? I don't want to make them Domain Admins,
would "Server Operators" be adequate and appropriate? I
don't want them to be able to manage anything outside of
their OU.
.
Click to expand...

Mike,
I believe if you use an MMC, you can create a AD
Users&Groups snapin and point it at your Domain
Controller. For more info on creating MMC's, go to:

http://support.microsoft.com/default.aspx?scid=kb;en-
us;230263&Product=win2000
 
G

Guest

Brian, Thanks. Do you by any chance know which snap in to use? The only one that looks likely is the ADSI (Active Directory Services Interface) snap in. Problem is that it operates at a level I don't think very many people are going to be able to deal with.

----- Brian wrote: -----
-----Original Message-----
We plan to deligat control of OUs in our AD domain to
Click to expand...
departmental admin who will need to add users, computers,
groups, etc. to the OUs they maintain. The deligation
wizard makes the deligation of control easy, but now I'm
stuck on tools they canuse to manage their OU. Is there a
version of AD Users and Computers that they can run from
their workstations or do I need to allow them logon access
to the Domain Controller? Also, what groups should their
users be in? I don't want to make them Domain Admins,
would "Server Operators" be adequate and appropriate? I
don't want them to be able to manage anything outside of
their OU.
.
Click to expand...

Mike,
I believe if you use an MMC, you can create a AD
Users&Groups snapin and point it at your Domain
Controller. For more info on creating MMC's, go to:

http://support.microsoft.com/default.aspx?scid=kb;en-
us;230263&Product=win2000
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

OU Design with single domain AD structure 3
AD browsing 1
Custom MMC for OU 2
Prevent all users from any other OUs from logging into Special OU 1
Migrating from multiple child domain environment to single domain with OUs. What's correct method? 5
Will this work as a first step? 2
Unable to prevent OU deletion by Domain Admins? 8
Unable to prevent OU deletion by Domain Admins? 2

Top