How to Delegate Control in Active Directory Users and Computers

How to Delegate Control in Active Directory Users and Computers

In this article we’ll learn the steps to delegate control in Active Directory Users and Computers. In Organizations, delegate control is given to the help-desk representative to perform the tasks of reset password, add computer or server in domain, create new user, etc. In a  domain, domain administrator is a user who can perform all operations and tasks related to domain and Active Directory. Domain Administrator is a member of Domain Admins group and also a user who is not available 24 x 7 x 365. So, the question is when the domain administrator is not available then who will manage the Active Directory.

First option is that, we will add any other user into the Domain Admins group. This would assign Domain Admin permissions to the newly added user, these rights are sufficient to perform any domain level change in the environment. But do you really want to give keys of kingdom to anyone? In my opinion, this is not the right way of delegating control.

active-directory-group-policy-2012-lab
Share this post:

4 thoughts on “How to Delegate Control in Active Directory Users and Computers

  • December 15, 2015 at 1:57 pm
    Permalink

    Hi Mr. RaakeshKapoor,

    Your post is very useful for me. I am new to active directory. Now i am very much clear about delegation. And one doubt strike in my mind when i read this post. whether the delegated user can perform changes in that particular user group or particular organisation unit only or can make changes to all the users account through out the domain.

    Reply
    • December 15, 2015 at 3:12 pm
      Permalink

      Delegated user can perform all the delegated task only within the OU for this delegation is defined. This means, delegated user can manage all the objects within that OU. Hope it answers your question.

      Reply
  • November 3, 2016 at 10:56 pm
    Permalink

    Hello.

    Thank you for the user guide.

    I followed your instructions and delegated control over an OU to an account. The strange thing is that when I try to create a user in that OU with that user account nothing happens… no window prompts with the new account information, no error message, nothing…
    I’m doing the tests on a windows 10 virtual machine.
    If I do the same test on my laptop, it works……..
    Both VM and my laptop are joined to the domain.

    Any ideas?

    Thanks for your help!

    Cheers!

    Reply
    • November 16, 2016 at 10:12 pm
      Permalink

      Did you try log off the user and then login back to whom you have delegated the permission?

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *