Active Directory Administration

Active Directory Administration

Administering or managing Active Directory is never an easy task in a large network. Therefore, to simplify such task organizational units (OUs) are created so that administrative tasks can be distributed easily. If we carefully look at the present scenario, then these days the distribution of the administrative tasks to other administrators is quite common method that is practiced at enterprise level AD management through the process of delegating of administration. Now, in simple terms delegation of administration is nothing more than a process where one establishes access control lists (ACLs) on OUs and user accounts with an AD. The great aspect following such method of allowing different administrator to manage the Active Directory with delegation of controls is it helps in yielding more ROI. Adding to that it also provides a more flexible approach to Active Directory administration.

Moreover, the delegation of administration permits domain admin to relieve explicit tasks to particular administrators for definite AD objects in the Active Directory structure. Adding to that, depending upon the structure of Active Directory, particularly the design of Organizational Units, delegation of administration can be executed successfully. In fact, apart from Deployment of Group Policies, delegation of administration must be the other important design goal for an AD.

However, there are few important factors that need to be determined before you actually implement delegation of Administration, such as:

• User location: Whether centralized or distributed over remote sites.
• Administrator role: Whether the particular department is operated by a single administrator or the relationship is all-in-all.
• Administrator rights: Whether various admin staffs are employed for managing computer accounts and user.
• Group membership: Is there any real requirement for managers of departments to control membership in their own groups administrator needs to be called for managing the group membership.
• User passwords: Whether department managers need to manage password resetting or administrator.

Steps to implement Delegation of Administration Control

The delegation control wizard is primarily meant for delegating administrative control tasks like creating, deleting or managing user and computer accounts. Here are important steps that you need to follow to execute the delegation of general administrative tasks:

Start the Delegation of Control Wizard by performing the following steps:

1. Open Active Directory Users and Computers.
2. In the console tree, double click the domain node.
3. In the Details menu, right click the organizational unit, click delegate control, and click Next.

Select the groups or users to which common administrative tasks will be delegated to using the following steps:

1. On the Users or Groups page, click Add.
2. In the select Users, computers, or Groups, write the names of the users and groups to which control of the organizational unit has to be delegated, click OK and Next.

Assign common tasks to delegate. To do so, perform the following common tasks:

1. On the tasks to delegate page, click delegate the following common tasks.
2. On the tasks to delegate page, select the tasks to be delegated and click OK.
3. Click Finish.