Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Shumov2016-09-27 16:59:34
Active Directory
Dmitry Shumov, 2016-09-27 16:59:34

Delegation of rights in AD, how?

Greetings!
There is a task to give rights to a group as a domain to admins, but without the ability to create or delete users. I do through delegation. On the permishin tab, I do this:
43cc20e1e8124775a4e2464eac9d82a0.png
i.e. I put Full Control, and then I remove the checkboxes from Create and Delete.
As a result, a member of this group can still create a user, but swears that there are not enough rights to set a password, and the user will be created "blocked". And so it happens. A member of the group also has the ability to delete a user.
What am I doing wrong? What rights should be given/taken away?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dmitry Shitskov, 2016-09-27
@Zarom

Check out this article https://habrahabr.ru/post/174437/
Starting with "Determining tasks for which delegation has been granted"

Similar questions
M
micro09902018-06-29 16:43:16
Adding an additional controller to the domain. How to implement? 3Reply
M
mrkotovsk12021-09-30 19:26:06
How to fix disappearing/knocking printers in roaming profiles? 1Reply
A
Andrey Strelkov2018-07-11 08:38:36
Can a backend application access another web service on behalf of another Active Directory user? 1Reply
W
want2020-07-10 10:17:01
How can you organize the work of users from different companies on 1 server? 3Reply
A
alec14902013-11-20 10:28:46
Access to a network folder under one user at the same time from several PCs? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question