Server 2008 Delegation of Control Wizard - Assign Permissions

Simplifying Permissions Management with Server 2008's Delegation of Control Wizard
A significant advantage of Server 2008 is the Delegation of Control Wizard, which streamlines assigning permissions for frequent tasks to groups or administrators. Assume a newly established network in which Helpdesk administrators need to be able to reset user passwords.
To prevent unintended modifications to other domain areas, access rights will be limited solely to this password reset function, at least initially. The Delegation of Control Wizard provides the most direct method for achieving this. We will begin by navigating to Administrative Tools and launching the Active Directory Users and Computers snap-in.
Accessing the Delegation Wizard
After expanding the domain, locate the Organizational Unit (OU) containing the Helpdesk group. Right-click on this OU and select the "Delegate Control" option.
The Delegation Wizard’s introductory screen will then appear; proceed by clicking "Next".
Adding the Helpdesk Group
To include the Helpdesk group, click the "Add" button.
Enter the group's name, "helpdesk", and then click the "Check Names" button. Upon successful identification within Active Directory, the name will be fully displayed, allowing you to click "OK".
Once the group appears in the list of selected users and groups, advance to the next step by clicking "Next" again.
Selecting the Task to Delegate
The Delegation of Control Wizard now presents a list of commonly delegated tasks. A "Create a custom task to delegate" option is also available for more specialized permissions. In this case, we will select "Reset user passwords" from the list and click "Next".
A summary of the permissions about to be delegated will be displayed. It is prudent to review this information to ensure no unintended selections have been made. Once you have confirmed that the settings are accurate, click the "Finish" button.
Verifying Delegated Rights
To confirm the assigned permissions, open a command prompt and execute the command: dsacls.exe "ou=People,dc=sysadmingeek,dc=com"
The output will display the delegated rights, including how they are inherited by Helpdesk administrator Susan Doe.
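The same verification can be scripted so that it also shows whether the group holds anything beyond the password reset right. The PowerShell below is an added example, not part of the original walkthrough. It assumes the OU from the dsacls command above and a group whose account name ends in "\helpdesk", and it reads the OU's ACL through the .NET System.DirectoryServices classes.

```powershell
# Added example. Assumptions: the OU DN from the dsacls command above and a
# group whose account name ends in "\helpdesk".
$ouDn    = 'ou=People,dc=sysadmingeek,dc=com'
$trustee = '*\helpdesk'

# Schema GUID of the User-Force-Change-Password ("Reset Password") extended right.
$resetPwd = [Guid]'00299570-246d-11d0-a768-00aa006e0529'
$extended = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Read explicit and inherited ACEs, with trustees translated to account names.
$ou    = [ADSI]"LDAP://$ouDn"
$rules = $ou.psbase.ObjectSecurity.GetAccessRules(
             $true, $true, [System.Security.Principal.NTAccount])

$report = foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -notlike $trustee) { continue }

    $rights = [int]$rule.ActiveDirectoryRights
    if ($rights -eq $extended -and $rule.ObjectType -eq $resetPwd) {
        # Exactly the right this walkthrough set out to delegate.
        $finding = 'Expected: Reset Password only'
    }
    elseif (($rights -band $extended) -ne 0 -and $rule.ObjectType -eq [Guid]::Empty) {
        # An empty object type on an extended-right ACE covers every extended right.
        $finding = 'Review: covers all extended rights, not just Reset Password'
    }
    else {
        # Anything else is outside the single task delegated here.
        $finding = 'Review: not part of the Reset Password delegation'
    }

    New-Object PSObject -Property @{
        Trustee   = $rule.IdentityReference.Value
        Type      = $rule.AccessControlType
        Rights    = $rule.ActiveDirectoryRights
        Inherited = $rule.IsInherited
        Finding   = $finding
    }
}

if ($report) {
    $report | Select-Object Trustee, Type, Rights, Inherited, Finding |
        Format-Table -AutoSize
}
else {
    Write-Output "No access rules for $trustee were found on $ouDn."
}
```

Rows marked "Review" are not necessarily wrong; they are entries to compare against the wizard's summary screen and against what the group was meant to receive.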
This demonstration provides a basic overview of the Delegation Wizard’s capabilities. It can be utilized extensively to implement more granular and specific user and group controls.