• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Microsoft Windows FAQs
• How do I add a user to Windows?
• How do I use the Windows XP Recovery Console?
• What is the Blue Screen of Death?
• How do I recover a boot record in XP?
• What are the DOS Commands?
• How do I disable Windows Messenger?
• How do I uninstall Windows Messenger?
• How do I map a network drive?
• What is Windows Media Center?
• What is Active X?
• What is an Active X control?
• What is DirectX?
• What is the DirectX SDK?
• How do I install DirectX?
• How do I uninstall DirectX?
• What is the .NET framework?
• What is Windows Mobile?
• What is remote desktop?
• How do I Setup a Remote Desktop web connection?
• What is Windows Remote Access?
• What is Connection Manager?
• What are desktop themes?
• What is Tweak UI?
• How do I read Windows log files?
• How do I clean the registry?
• What is a free registry cleaner?
• What are Windows Registry hacks?
• What is HyperTerminal?
• What is Windows Genuine Advantage?
• How do I remove WGA?
• What is a Windows Protection Error?
• What is the "0x800a0007 Windows Update Error?"
• What is the "0x800a138f Windows Update Error?"
• What is 15-80070057?
• What is error 1603?
• What is error 678?
• What is error 734?
• What is error 721?
• What is error 1706?
• What is error 1721?
• What is error 1933?
• What is "Data Error Cyclic Redundancy Check"?
• What is "Error Loading Operating System"?
• What is "Error Number: 0x800CCC0E"?
• What is msdtc.exe?
• How do I save streaming audio Windows media?
• What are the Windows Vista requirements?
• What are Microsoft Product Keys?
• How do I use the Windows Vista Activation Wizard?
• How does Microsoft Office 2003 Activation work?
• How do I convert PowerPoint to DVD?
• What does "Failed To Access Windows Installer Components" mean?
• How does Windows file swapping work?
• How do I change Windows swap file settings?
• How do I change my Windows password?
• How do I change the XP admin password?
• How do I recover a lost Windows password?
• How can I recover a lost Windows NT Administrator password?
• How do I audit Windows NT passwords?
• How does the Microsoft Windows 3.1 password encryption work?
• How do I access the Windows NT/2000/XP password file?
• How do I monitor Windows Server 2003?
• How does Internet Authentication Service work?
• What are shared folder permissions?
• How do I configure NTFS quotas?
• What happens to NTFS permissions when you copy or move files?
• What is DFS?
• What are NetBIOS names?
• What is a NetBIOS node type?
• What is WINS?
• How does WINS replication work?
• How do I backup and restore a WINS database?
• What is Active Directory?
• How do I maintain Active Directory?
• How do I backup Active Directory?
• How do I delegate Administrator privileges in Active Directory?
• What is Active Directory replication?
• What are Active Directory groups?
• What is group policy?
• What are a tree and forest?
• What are operations masters?
• What are directory partitions?
• What is a global catalog?
• What is the global catalog in Active Directory?
• What is the logical structure of an Active Directory?
• What is the physical structure of an Active Directory?
• What is replication toplogy?
• What are Active Directory organizational units?
• What are Active Directory authentication types?
• How do I Create a Drive Image?
• What does "Device Driver has corrupted the executive memory pool" mean?
• What is an I/O Device Error?
• How does Vista activation work?
• What is wmiprrvse.exe?
• How do I Register a DLL?
• How do I View Registered DLLs?
• How do I auto-hide the taskbar using the registry?
• How do I check my Hard Drive Capacity in Windows XP?
• How do I Enable the Windows Vista Administrator Account?
• How do I install a CoDec in Windows XP?
• How do I install a screensaver in Vista?
• How do I limit Internet Access in Windows XP user accounts?
• How do I Partition Drives in Vista?
• How do I Remove the Concurrent Connections Limit in Windows XP?
• How do I Save Desktop Icons in Windows XP?
• How do I Turn off My Computer in Vista?
• How do I turn the screensaver off in Windows XP?
• How do I uninstall Windows OneCare in Vista?
• How does Sharing Files in Vista work?
• How do I remove all personal files from Windows?
• How do I verify a Windows CD is legal?
• How do I find the Windows Version on a PC?
• How do I find my Windows XP Product Key?
• How do I check Hard Drive capacity in Windows?
• How do I print the Windows Task Manager?
• How do I share a printer?
• How do I change the font color in Windows Explorer?
• How do I set a Static IP Address in Windows?
• How do I open TCP Ports in Windows?
• How do I erase a Hard Drive in Windows?
• What is dllhost.exe?
• What is spooldr.sys?
• How do I uninstall Vista?
• How do I Remove IPv6 in Vista?
• How do I speed up Vista?
• How do I Remove the Administrative Mode in Vista?
• How do I change Vista icons?
• How do I undelete in Windows?
• How do I replace Vista with XP?
• What is NTLDR?
• What does "NLDR is Missing" mean?
• How do I scan disk?
• Where is Scan Disk in Win XP?
• How do I use Quick Launch in Windows Vista?
• How do I Change the Taskbar Color?
• How do I Change the Taskbar Font?
• How do I Delete Search History?
• How do I increase virtual memory?
• What is the Windows Taskbar?
• What is ctfmon?
• What is svchost?
• What is csrss?
• What is alg?
• What is Microsoft Windows?
• What is hpboid.exe?
• What is ReadyBoost?
• How do you install fonts?
• Why is my computer so slow?
• Why is sndvol32.exe essential in a PC?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

How do I Delegate Administrator Privileges in Active Directory?

The primary reason to create organizational units is to distribute administrative tasks across the organization by delegating administrative control to other administrators. Delegation is especially important when you develop a decentralized administrative model. Delegation of administration is the process of decentralizing the responsibility for managing organizational units from a central administrator to other administrators. The ability to establish access to individual organizational unit is an important security feature in Active Directory. You can control access to the lowest level of an organization without the necessity of creating many active directory domains.

Authority delegated at the site level will likely span domains or conversely, may not include targets in the domain. Authority delegated at the domain level will affect all objects in the domain. Authority delegated at the organizational unit level can affect that object and all of its child objects, or just the object itself.

Delegation of control is the ability to assign the responsibility of managing Active Directory objects to another user, group, or organization. By delegating control you can eliminate the need for multiple administrative accounts that have broad authority. Delegated administration in Active Directory helps ease the administrative burden of managing your network by distributing routine administrative tasks to multiple users. Basic delegated rights can be given to normal user like create a user account or group account etc and major domain-wide administration work can be delegated to senior/junior-level administrator.

Autonomy is the ability of administrators in an organization to independently manage:

• All or part of service management (called service autonomy).
• All or part of the data in the active directory database or member computers that are joined to the directory (called autonomy).

Common Administrative Tasks

Administrators routinely perform the following tasks in active directory:

• Change properties on a particular container: For example, when a new software package is available, administrators may create a group policy that controls the distribution of the software.
• Create and Delete objects of a specific type: In an organizational unit, specific types may include users, groups, and printers. When the new employee joins the organization, for example, you create a user account for the employee and then add the employee to the appropriate organizational unit to group.
• Update specific properties on object of a specific type: In an organizational unit, perhaps the most common administrative task that you perform, updating properties include tasks such as resetting passwords and changing an employee's personal information, such as his home address and phone number, when he moves.

Delegation of Administrative Control

You can use the delegation of control wizard to delegate administrative control of active directory objects, such as organizational units. By using the wizard, you can delegate common administrative tasks, such as creating, deleting, and managing user accounts.

To delegate common administrative tasks for an organizational unit, perform the following steps:

• Start the delegation of control wizard by performing the following steps:
  • Open Active Directory Users and Computers.
  • In the console tree, double click the domain node.
  • In the details menu, right click the organizational unit, click delegate control, and click next.
• Select the users or group to which you want to delegate common administrative tasks. To do so, perform the following steps:
  • On the Users or Groups page, click Add.
  • In the select Users, computers or Groups, write the names of the users and groups to which you have to delegate control of the organizational unit, click OK. And click next.
• Assign common tasks to delegate. To do so perform the following common tasks.
  • On the tasks to delegate page, click delegate the following common tasks.
  • On the tasks to delegate page, select the tasks you want to delegate, and click OK.
• Click Finish.

Customizing Delegated Administrative Control

In addition to using the delegation of control wizard to delegate a custom set of administrative tasks. Such as the creation, deletion, management of user accounts, you can use the wizard to select a set of custom tasks and delegate control of only those tasks.

For example, you can delegate control of all existing objects in an organizational unit and any new objects that are added, or you can select the objects in the organizational unit that you want to delegate administrative control of, such as only user objects in an organizational unit. You can also specify that you want to delegate only the creation of the selected objects, or the deletion of the object, or both.

To delegate custom administrative tasks for an organizational unit, perform the following steps:

• Start the Delegation of Control Wizard.
• Select the users or groups to which you want to delegate administrative tasks.
• Assign the custom tasks to delegate. To do this, perform the following steps:
  • On the Tasks to Delegate page, click on Create a custom task to delegate, and click next.
  • On the Active Directory Object Type page, select one of the following tasks:
• Click This folder, existing objects in this folder and creation of new objects in this folder, and click next.
• Click Only the following objects in the folder, select the Active Directory object type that you want to delegate control, and click next.
  • Select the permissions that you want to delegate, and click next.
• Click Finish.

Bookmark How do I Delegate Administrator Privileges in Active Directory?

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum