Delegation Permissions to admins in Active Directory/Taskpads

Posted by user1569537 on Server Fault See other posts from Server Fault or by user1569537
Published on 2012-11-14T16:11:09Z Indexed on 2012/11/14 17:04 UTC
Read the original article Hit count: 238

I am trying to provide taskpads to few admins to operate on few tasks delegated to them at OU level.I ran into the following problem;

lets say i delegated access to the admin on OU X and which is ability to modify groups such as sample group X1 , he must be able to add any users from OU X to the group X1.

The issue here is while testing i found out the admin can do the above but also can add a user Y1 from the OU Y(which he doesnt have delegated permissions) to the group X1.What am i missing? how to restrict admin from adding users out of OU to the groups he has modify access to?

Please ask me if any more details/clarification required.

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about windows-server-2003