Archived from groups: microsoft.public.win2000.active_directory (More info?)
I'm sure this is very simple... I hope someone could steer me in the right
direction...
I'm just now getting to the point where I'd like to start delegating control
of parts of AD. For example, I'd like to maintain a large Contacts library
in AD. And for our 4 locations, I'd like to give user control to someone
local.
I THINK that it looks simple enough to do this by either using the "Delegate
Control" feature on certain OU's, and / or setting the "managed by" fields
in the properties of OU's.
My question is, what is the best way for these users to get to AD. Do I
really have to have them log in to the server? Currently when I try to log
in with another user name (that has been delegated control of a certain OU)
via remote desktop, the server says that "local policy of the system does
not allow you to logon interactively". I'm sure this is just a permissions
thing easy enough to figure out, but I'd prefer to not have these users in
the server.
Is there not some sort of something I can load onto their XP machines that
give them only what they need from AD?
Thanks for any advise!
Tim
I'm sure this is very simple... I hope someone could steer me in the right
direction...
I'm just now getting to the point where I'd like to start delegating control
of parts of AD. For example, I'd like to maintain a large Contacts library
in AD. And for our 4 locations, I'd like to give user control to someone
local.
I THINK that it looks simple enough to do this by either using the "Delegate
Control" feature on certain OU's, and / or setting the "managed by" fields
in the properties of OU's.
My question is, what is the best way for these users to get to AD. Do I
really have to have them log in to the server? Currently when I try to log
in with another user name (that has been delegated control of a certain OU)
via remote desktop, the server says that "local policy of the system does
not allow you to logon interactively". I'm sure this is just a permissions
thing easy enough to figure out, but I'd prefer to not have these users in
the server.
Is there not some sort of something I can load onto their XP machines that
give them only what they need from AD?
Thanks for any advise!
Tim
Facebook
Twitter
Instagram