Delegating Privileges in Active Directory
One of the key benefits of Active Directory (AD) is the ability to delegate privileges on an extremely granular level to other users in the directory. With AD’s security delegation model, you can delegate common tasks—like password resets, account unlocks, or even creation and management of objects—to someone without making him or her an administrator of the directory. The Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) includes a wizard that can help with some common tasks, but it doesn’t handle every scenario. In this article, we’ll take a practical look at the more advanced AD security editor with some common examples. We’ll also look at the different fundamental constructs that you will need to know in order to master AD delegation.
[RESOURCE AUTHOR]
