No announcement yet.

Delegation Tab in ADUC for an Admin

  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegation Tab in ADUC for an Admin

    Just spotted a new tab when looking at the account properties of one of my sub-admins in ADUC. This single person has a "Delegation" tab, whereas none of my other administrators have that tab. I haven't seen this tab before. He hasn't been specifically delegated control of any OU's, so I'm puzzled. His group memberships are in line with the other administrators'.

    What gives? I'm feeling especially dumb today.

  • #2
    Re: Delegation Tab in ADUC for an Admin

    The user account has additional SPNs configured. Check out the servicePrincipalName attribute of the user account in question. Looks like the account is or was being used as service account and SPNs were configured for constrained delegation.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      Re: Delegation Tab in ADUC for an Admin

      Guy, thanks. Clearly I wasn't having a "dumb" day, I'm just under-educated. I never would have figured that out.

      Now to figure out where this guy used his account as a service...