Regarding OU

S

Srinivas Acharya

Hi All,
I am going to create OU and going to add some of the
computers of the domain to that. I delegate admin
previleges to some body for that OU. I wanted to know
whether that person can have admin previleges for those
computers?. Whether he can administer those PCs. HE is not
in domain admins and local admins group.

Your thouhts on this will be helpful.

Regards,
Srinivas Acharya
 
T

Tomasz Onyszko

Srinivas said:
Hi All,
I am going to create OU and going to add some of the
computers of the domain to that. I delegate admin
previleges to some body for that OU. I wanted to know
whether that person can have admin previleges for those
computers?. Whether he can administer those PCs. HE is not
in domain admins and local admins group.
Click to expand...
At the OU level You can assign GPO and set Restricted groups to add this
person to the Power Users or Administrators group on the machines
grouped in this OU
 
N

Nathan

-----Original Message-----
Hi All,
I am going to create OU and going to add some of the
computers of the domain to that. I delegate admin
previleges to some body for that OU.
Click to expand...

This user now has AD rights to AD objects within this OU
only. He does not have any access to the machines that
are assigned in this OU unless he belongs to a AD group
that is listed in the LOCAL groups on these workstations.

Create an admin group for the OU and add it to the local
groups as needed.
 
S

Srinivas Acharya

Hi,
Yo mean to say that delegation is restricted to directory
only and that person will not be having admin prvileges on
that PC until he belongs to domain admins group?.
In that case what is the use of delegation?.

Regards,
Srinivas Acharya
 
S

srinivas Acharya

Hi,
Yo mean to say that delegation is restricted to directory
only and that person will not be having admin prvileges on
that PC until he belongs to domain admins group?.
In that case what is the use of delegation?.

Regards,
Srinivas Acharya
 
A

Alexander Suhovey

In that case what is the use of delegation?.
The use of delegation is that administrators can delegate particular
administrative tasks to ordinary user accounts WITHOUT making those
accounts domain/local admins. Basically (as I understand) all delegation
does is makes apropriate changes in domain object's ACLs.

Al.
 
S

Srinivas Acharya

Hi,
Thanks for replying.
Can you just tell me what kind of administrative tasks you
are refering to.

Regards,
Srinivas Acharya
 
S

Srinivas Acharya

Hi,
Does it include administering of windows 2000 clients. Can
the common user who is not domain admin and local admin can
become administrator for particular OU and can administer
the that PC locallly?.

Regards,
Srinivas Acharya
 
P

ptwilliams

I think making a user a local admin is the best way to do this. You can do
this via restricted groups in the GPO.

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Hi,
Does it include administering of windows 2000 clients. Can
the common user who is not domain admin and local admin can
become administrator for particular OU and can administer
the that PC locallly?.

Regards,
Srinivas Acharya
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Planning for OU 2
Restricted Groups 2
Restricted groups 1
Administering OUs 5
Require Computer object before joining Workstation 3
Importance of OU in Active directory 7
Custom MMC for OU 2
OU delegate control 3

Top