Announcement

Collapse
No announcement yet.

Delegating Control

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegating Control

    Hi Friend,

    I am bit confused while delegating righst, My requirement are :

    1. I have created a G.group "GAM" and added the users whom I want to delegate rights.

    2. Now I have already delegate them right t o create, delete users with password reset rights.

    Now - I want to them to able to mange only some specific g.group's membership and on rest of the group I donot want to give them rights. PLEASE tell how to do that.

    Regards
    Yogesh Malhotra

  • #2
    Re: Delegating Control

    Delegation of Rights is not operative on groups, it's operative on Organisational Units - i.e. you delegate rights TO a group, OVER an OU. Remember that Containers (like "Users") are NOT OUs.

    So - don't put your target users in groups, put them in an OU. Your users who are getting the delegated rights should be in a group.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Delegating Control

      Originally posted by Stonelaughter View Post
      Delegation of Rights is not operative on groups, it's operative on Organisational Units - i.e. you delegate rights TO a group, OVER an OU. Remember that Containers (like "Users") are NOT OUs.

      So - don't put your target users in groups, put them in an OU. Your users who are getting the delegated rights should be in a group.


      Hello Friend,

      Thanks for our reply but I did the same thing what u told. I created a group and added all user inot it. Now on OU > security tab I added that group and gave premission for create user object. Also I denied "Delete all object " in acl but result is :

      Those Users can create user object only in that particular OU but still able to delete users wich I donot want.

      Comment


      • #4
        Re: Delegating Control

        Hi,

        Explicitly check the deny box "Delete Users" for this object and all child objects using the advance button in security tab.

        Regards,
        Kapil Sharma
        ~~~~~~~~~~~~~
        Life is too short, Enjoy It.

        Comment


        • #5
          Re: Delegating Control

          Originally posted by Yogesh View Post
          Hello Friend,

          Thanks for our reply but I did the same thing what u told. I created a group and added all user inot it. Now on OU > security tab I added that group and gave premission for create user object. Also I denied "Delete all object " in acl but result is :

          Those Users can create user object only in that particular OU but still able to delete users wich I donot want.
          There's your mistake. You should be using the "Delegation of Authority" wizard, NOT setting permissions directly.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment


          • #6
            Re: Delegating Control

            Originally posted by Stonelaughter View Post
            There's your mistake. You should be using the "Delegation of Authority" wizard, NOT setting permissions directly.
            HI Tom,

            I have checked by "Delegation of Authority" but it provide the option of "Creat,delete user accounts" and Reset password for users" BUT I want to give only creation and password reset ability and not the deletion right.

            Also I have checked by 1st running "delegation of authority " then I manulally denied "deletion of all object " and "deletion of user object" and very strangely users still have deletion rights.

            If you are aware of advance mode in "delegation of authority" then please provide me the steps I have to follow.

            Comment


            • #7
              Re: Delegating Control

              On the page where you can select the delegated tasks, look UNDER the list box. There is a selection there "Create a custom task to delegate".


              Tom
              For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

              Anything you say will be misquoted and used against you

              Comment


              • #8
                Re: Delegating Control

                Originally posted by Stonelaughter View Post
                On the page where you can select the delegated tasks, look UNDER the list box. There is a selection there "Create a custom task to delegate".
                Thanks Tom, I will try then let u know.

                Comment


                • #9
                  Re: Delegating Control

                  Tom,
                  is there a way to check which rights you delegated to specific group ?
                  thanks,
                  cheers,

                  Comment


                  • #10
                    Re: Delegating Control

                    Originally posted by aa11 View Post
                    Tom,
                    is there a way to check which rights you delegated to specific group ?
                    thanks,
                    cheers,
                    Good question....

                    Comment


                    • #11
                      Re: Delegating Control

                      Unfortunately I'm not aware of one. It's as if the whole Delegation of Authority thing was an afterthought and poorly designed.


                      Tom
                      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                      Anything you say will be misquoted and used against you

                      Comment


                      • #12
                        Re: Delegating Control

                        Hi,

                        1. Go to the security page in the properties of the OU where you want to check the delegation.

                        2. Click on advance and go the "Effective Permissions" tab.

                        3. Select the name of the user or group that you want to check.

                        4. It will show you the result.

                        Regards,
                        Kapil Sharma
                        ~~~~~~~~~~~~~
                        Life is too short, Enjoy It.

                        Comment


                        • #13
                          Re: Delegating Control

                          Originally posted by kapilsharma11 View Post
                          Hi,

                          1. Go to the security page in the properties of the OU where you want to check the delegation.

                          2. Click on advance and go the "Effective Permissions" tab.

                          3. Select the name of the user or group that you want to check.

                          4. It will show you the result.
                          • Originally posted by aa11 View Post
                            is there a way to check which rights you delegated to specific group ?
                            first..
                          • Open ADU&C
                          • Click on 'View' on the menubar
                          • Check "Advanced Features"

                            then you can..
                          • Right click the OU and open the 'Properties'.
                          • On the "Security" tab and click 'Advanced'
                          • On the 'Effective Permissions' tab select the Group or User.
                            <check the rights>

                          • Close the 'properties' window
                          • Uncheck "Advanced Features"


                          \Rems

                          This posting is provided "AS IS" with no warranties, and confers no rights.

                          __________________

                          ** Remember to give credit where credit's due **
                          and leave Reputation Points for meaningful posts

                          Comment


                          • #14
                            Re: Delegating Control

                            thanks very much, works like a charm.
                            cheers,

                            Comment

                            Working...
                            X