Announcement

Collapse
No announcement yet.

Delegation of Control

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegation of Control

    OK, I know how to delegate control and so on, and what the effects are. But how to MANAGE the environment which has control delegated?

    Is there any way to display the current delegation environment (for instance using Active Directory Users and Computers)? In fact, is there any way to view delegated control at all?

    What tools are available as standard, and can any tools be purchased?

    Thanks


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

  • #2
    Re: Delegation of Control

    Originally posted by Stonelaughter View Post
    Is there any way to display the current delegation environment (for instance using Active Directory Users and Computers)?
    What do you mean by "delegation environment"?

    What the Delegation of Control wizard does is modify the ACLs on AD objects so that the user or group specified has the proper permissions to do the tasks it needs to do.

    To see what permissions have been assigned you can use something like ADUC (you'll need to select Advanced from the view menu) or ADSI Edit and go to Properties -> Security tab.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Delegation of Control

      Let's say you have a tree with 10 domains at various levels of nesting, 500 OU's at various levels of nesting, 28,000 user accounts and 9500 group accounts, with control delegated to 1500 user accounts via membership of 250 groups, in various levels of OU.

      How do you "see" an overall view of how tasks are delegated across the forest? Rather than "looking" at one user account, or one OU, or one group, I want to see the WHOLE PICTURE as it stands NOW. Or, I want to be able to pick an OU and see who has control at that level.

      Is it possible?


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: Delegation of Control

        I'm sure there's a third party tool out there that will do what you're looking for... or maybe a script.

        Have a look at this though:
        http://www.microsoft.com/technet/abo...ps_120704.mspx

        http://www.google.com/search?hl=en&l...ory+permission
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Delegation of Control

          This is not possible with Server 2003. The closest you will probably get is to use 'Effective permissions' and, tbh, I aint seen 3rd pary apps that will do this.

          Probably best to ensure you DOCUMENT everything, which we all know everyone hates

          Michael
          Michael Armstrong
          www.m80arm.co.uk
          MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            Re: Delegation of Control

            Nice find Jeremy
            Michael Armstrong
            www.m80arm.co.uk
            MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment


            • #7
              Re: Delegation of Control

              Thanks Jeremy!

              Michael - unfortunately I'm coming into an already-configured environment without documentation. *shrug*

              Cheers folks.


              Tom
              For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

              Anything you say will be misquoted and used against you

              Comment

              Working...
              X