No announcement yet.

Enable user r/w to ADS without admin

  • Filter
  • Time
  • Show
Clear All
new posts

  • Enable user r/w to ADS without admin

    I've an application that use an ADS user to connect the LDAP. I need to enable a user to write to ADS (i.e. add/remove users, etc) but don't want to add this user to domain admin group or on the other hand deny this user to login any of the machines in that domain. Can someone think on a solution for that?

    Thanks in advance.

  • #2
    Re: Enable user r/w to ADS without admin

    You can delegae rights over users / groups to perform certain tasks i.e create new users within AD at different levels i.e. domain / OU .

    Do a search on "Active Directory Delegation of rights"

    You should find plenty of information about this.

    Hope this helps

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: Enable user r/w to ADS without admin

      10x, i found the solution by checking the deny logon rights on the user properties.