Guest KA Kueh Posted April 25, 2008 Posted April 25, 2008 Dear all, I need to allow one technical staff the ability to only manage users account in my domain? What is the appropriate user rights/permission that I should give for that the work? FYI, I do not want to assign the user as Administrator or Administrator group. thanks. Regards, Kueh.
Guest Lanwench [MVP - Exchange] Posted April 25, 2008 Posted April 25, 2008 Re: User rights? KA Kueh <KAKueh@hotmail.com> wrote: > Dear all, > > I need to allow one technical staff the ability to only manage users > account in my domain? What is the appropriate user rights/permission > that I should give for that the work? FYI, I do not want to assign > the user as Administrator or Administrator group. thanks. > > Regards, > Kueh. Use AD delegation. Rather than doing this for one user, I would instead delegate rights to an AD security group (called "Helpdesk" or something) and make the user a member of that group. http://windowsitpro.com/article/articleid/45841/ad-delegation-eases-administration.html may help you get started. Then, if they have the admin tools on their workstation, you can set up a custom MMC taskpad for them to do what they need, such as change passwords, etc. http://www.petri.co.il/create_taskpads_for_ad_operations.htm may help.
Guest KA Kueh Posted April 26, 2008 Posted April 26, 2008 Re: User rights? Hi, Thanks for the info. I will take a look. Thanks. Regards, Kueh. "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message news:e4s%23%23OtpIHA.4884@TK2MSFTNGP06.phx.gbl... > KA Kueh <KAKueh@hotmail.com> wrote: >> Dear all, >> >> I need to allow one technical staff the ability to only manage users >> account in my domain? What is the appropriate user rights/permission >> that I should give for that the work? FYI, I do not want to assign >> the user as Administrator or Administrator group. thanks. >> >> Regards, >> Kueh. > > Use AD delegation. Rather than doing this for one user, I would instead > delegate rights to an AD security group (called "Helpdesk" or something) > and make the user a member of that group. > http://windowsitpro.com/article/articleid/45841/ad-delegation-eases-administration.html > may help you get started. > > Then, if they have the admin tools on their workstation, you can set up a > custom MMC taskpad for them to do what they need, such as change > passwords, etc. > > http://www.petri.co.il/create_taskpads_for_ad_operations.htm may help. >
Guest Lanwench [MVP - Exchange] Posted April 26, 2008 Posted April 26, 2008 Re: User rights? KA Kueh <kka@ksm.com.my> wrote: > Hi, > > Thanks for the info. I will take a look. Thanks. > > Regards, > Kueh. You're welcome - good luck. > > > "Lanwench [MVP - Exchange]" > <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > message news:e4s%23%23OtpIHA.4884@TK2MSFTNGP06.phx.gbl... >> KA Kueh <KAKueh@hotmail.com> wrote: >>> Dear all, >>> >>> I need to allow one technical staff the ability to only manage users >>> account in my domain? What is the appropriate user >>> rights/permission that I should give for that the work? FYI, I do >>> not want to assign the user as Administrator or Administrator >>> group. thanks. Regards, >>> Kueh. >> >> Use AD delegation. Rather than doing this for one user, I would >> instead delegate rights to an AD security group (called "Helpdesk" >> or something) and make the user a member of that group. >> http://windowsitpro.com/article/articleid/45841/ad-delegation-eases-administration.html >> may help you get started. >> >> Then, if they have the admin tools on their workstation, you can set >> up a custom MMC taskpad for them to do what they need, such as change >> passwords, etc. >> >> http://www.petri.co.il/create_taskpads_for_ad_operations.htm may >> help.
Recommended Posts