This exercise walks you through the steps required to delegate control of OUs.
- In the Active Directory Users And Computers tool, create a new user within the Engineering OU, using the following information (use the default settings for any fields not specified):
- First Name: Robert
- Last Name: Admin
- User Logon Name: radmin
- Right-click the Sales OU and select Delegate Control. This starts the Delegation of Control Wizard. Click Next.
- To add users and groups to which you want to delegate control, click the Add button. In the Add dialog box, enter Robert Admin for the name of the user to add. Note that you could specify multiple users or groups using this option. Click OK to add the account to the delegation list, which is shown in the Users Or Groups page. Click Next to continue.
- On the Tasks To Delegate page, you must specify which actions you want to allow the selected user to perform within this OU. Select Delegate The Following Common Tasks and place a check mark next to the following options:
- Create, Delete, And Manage User Accounts
- Reset User Passwords And Force Password Change At Next Logon
- Read All User Information
- Create, Delete, And Manage Groups
- Modify The Membership Of A Group
- Click Next to continue. The wizard provides you with a summary of the selections that you have made on the Completing The Delegation Of Control Wizard page. To complete the process, click Finish to have the wizard commit the changes.
- Now when the user Robert Admin logs on (using “radmin” as his logon name), he will be able to perform common administrative functions for all of the objects contained within the Sales OU.
