Delegate Administration Tasks

nick

Dec 31, 2007
Archived from groups: microsoft.public.win2000.active_directory

I have created a few OUs that will hold different distribution groups. I
have created a security group named "Group Creators". Here they can create
and delete groups, change membership, and rename if necessary. My AD
permissions for this work fine, but I see that if a user creates the group
they are the owner of that group and can modify the group's ACL. Is there a
way that if a user creates a group that they are not the "owner" of it so
that the security permissions cannot be modified? When I log in as Admin and
take the ownership away they can still modify all items that I had specified,
but cannot modify the security ACLs on the group. I can't seem to find how
to set Administrators as default owner no matter who creates the group.
 
Guest

This is a known behavior that MS will, hopefully, fix in the future. In the
meantime, there are third-party provisioning/delegation tools that you can
buy. Alternatively, you can script your own provisioning tool that
impersonates a specific account and tell your admins to use that tool. The
objects they create in that tool will have the impersonated account as
owner.

--

Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Nick" <nt32msngns@online.nospam> wrote in message
news:E520893A-D6F7-4D19-80A2-A9F09596EC54@microsoft.com...
> I have created a few OUs that will hold different distribution groups. I
> have created a security group named "Group Creators" Here they can create
> and delete groups, change membership, and rename if necessary. My AD
> permissions for this work fine, but I see that if a user creates the group
> they are the owner of that group and can modify the group's ACL. Is there a
> way that if a user creates a group that they are not the "owner" of it so
> that the security permissions cannot be modified. When I log in as Admin and
> take the ownership away they can still modify all items that I had specified,
> but cannot modify the security ACLs on the group. I can't seem to find how
> set Administrators as default owner no matter who creates the group.
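
The provisioning-tool approach suggested in the reply above, as an added example that is not part of the original thread: groups are created under a dedicated service account so that account becomes the owner, and the OU is then audited for groups owned by anyone else. It assumes the ActiveDirectory PowerShell module (which is newer than this thread); the OU path, account names and function names are hypothetical.

```powershell
# Added example, not code from the thread. Assumes the ActiveDirectory module (RSAT).
# All names below (OU, service account, group, function names) are hypothetical.
Import-Module ActiveDirectory

function New-DelegatedGroup {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$OuPath,
        [Parameter(Mandatory)][pscredential]$ServiceCredential
    )
    # The directory bind is made as the service account, so that account
    # (not the admin who asked for the group) is recorded as the object's owner.
    New-ADGroup -Name $Name -SamAccountName $Name `
        -GroupCategory Distribution -GroupScope Global `
        -Path $OuPath -Credential $ServiceCredential -PassThru
}

function Get-GroupOwnerReport {
    param(
        [Parameter(Mandatory)][string]$OuPath,
        [Parameter(Mandatory)][string[]]$AllowedOwners
    )
    # nTSecurityDescriptor is returned as an ActiveDirectorySecurity object;
    # its Owner property is the owner in DOMAIN\name form.
    Get-ADGroup -Filter * -SearchBase $OuPath -Properties nTSecurityDescriptor |
        ForEach-Object {
            $owner = $_.nTSecurityDescriptor.Owner
            [pscustomobject]@{
                Group      = $_.Name
                Owner      = $owner
                Unexpected = $owner -notin $AllowedOwners
            }
        }
}

# Constructed sample values. In a real tool the credential is held by the tool
# itself and is never handed to the delegated admins.
$ou   = 'OU=Distribution Groups,DC=example,DC=com'
$cred = Get-Credential -Message 'Provisioning service account'

New-DelegatedGroup -Name 'DL-Example' -OuPath $ou -ServiceCredential $cred

# Groups whose owner can still rewrite the ACL and is not an approved principal.
Get-GroupOwnerReport -OuPath $ou `
    -AllowedOwners 'EXAMPLE\svc-groupprov', 'EXAMPLE\Domain Admins' |
    Where-Object Unexpected
```

Groups flagged as `Unexpected` were created directly by a delegated admin and still need their ownership taken away, as described in the original question.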