In this article, I’ll show you how to delegate Control In Active Directory and all a specific user to only reset passwords to users.
In this case, My client asked me to delegate control In AD to a staff member that will allow him to reset the password to users that locked their AD account.
Lucky, Active Directory allows us to delegate almost any possible administrative task and today I’ll show you how to do that.
To get started, you will need to use a Domain Admin account to set this up If you are, Open Active Directory Users and Computers -> Right click on the domain name and select Delegate Control
In the Users and Group click Add and Add users or groups
In the Task to Delegate, select the task and click next to finish the wizard
Done, Ask the user to log off and log on again to get the new delegated permissions
Hi
Is there any way the user who has the Delegation to do administrative tasks, do them from their workstation without logging into the server? i.e user “Kal” had be granted delegation to add new domain users, can “Kal” add new domain users from his windows 10 workstation or does he need to login to the domain controller to do these tasks?
Thanks