Home / Chuyên đề tự học / Windows Server: Delegating Administration for a Branch Office on Server 2012 R2

Windows Server: Delegating Administration for a Branch Office on Server 2012 R2

Windows Server: Delegating Administration for a Branch Office on Server 2012 R2

This article is lesson 5. 

Lesson 4: http://tuhocmang.com/english/windows-server-system/window-server-how-to-install-additional-domain-controller-on-server-2012-r2.html

Please check previous lesson first to understand clearly.

delegating-admin-1

Description: 

LON-DC1: Domain Controller (Windows server 2012 R2)

LON-CL1: client (windows 8.1)

Script:

Our company has 3 sites. Headquarter is in USA and 2 branch office are in Canada and China.

I (administrator at headquarter) want to delegate

+ Full Administration Role for Administrator

+ Manage User Role for IT helpdesk

 

Lets start

Step 1: Choose  Active directory users and computers

delegating-admin-2

Step 2: Create new OU ( each OU will be a site)

delegating-admin-3

Step 3:  Type Brach office 1 ( this OU will include all computer and user on one site)

delegating-admin-4

Step 4:  Create Group and User

delegating-admin-5

 

delegating-admin-6

Step 5: Move LON-CL1 to new OU – Branch office 1

delegating-admin-7

 

From now, we will configure Delegation administrator

Step 6: Right-Click Branch Office 1 > Choose Delegate control

delegating-admin-8

 

Step 7: Next

delegating-admin-9

 

Step 8: add group or user you want to delegate

i will add group: Administrator on  Branch Office 1

Next

delegating-admin-10

Step 9: We choose roles that we want to delegate for group Administrator (just click roles that you need )

delegating-admin-11

Step 10: Finish

delegating-admin-12

Step 11:

delegating-admin-13

Step 12

delegating-admin-14

Step 13

delegating-admin-15

Step 14

delegating-admin-16

Step 15: with computer object, we just want Group Administrator at branch office has full roles for computer object, so i do as following image.

delegating-admin-17

 

delegating-admin-18

Step 16: Finish

delegating-admin-19

Step 17

delegating-admin-20

Step 18

delegating-admin-21

Step 19: we will delegate for Group Helpdesk

delegating-admin-22

Step 20: Help desk Group has fewer roles (reset pass, modify…)

delegating-admin-23

Step 21: Finish

delegating-admin-24

From now, we will test the result

Step 22: add user Holly to group Administrator on OU: Branch Office 1

delegating-admin-25

 

 

delegating-admin-26

Step 23: log on user Holly

delegating-admin-27

Step 24

delegating-admin-28

 

delegating-admin-29

Step 25: Choose ADUC (dsa.msc)

delegating-admin-30

Step 26: try to delete user Aaren (Araren is not belong to OU: Branch office 1 , so Holly can’t delete Aaren )

delegating-admin-31

 

delegating-admin-32

 

delegating-admin-33

Step 27: Holly will delete Ed (belong to Branch Office 1)

delegating-admin-34

And Holly can delete it

delegating-admin-35

Step 28: add Bart to Help Desk Group

delegating-admin-36

 

delegating-admin-37

 

delegating-admin-38

Step 30: Log on user: Bart

delegating-admin-39

Step 31: user Bart opens ADUC

delegating-admin-40

Step 32: Bart tries to delete Connie

 

delegating-admin-41

 

But he can’t . Because Help desk group can’t delete users.

delegating-admin-42

Step 33: Bart tries to reset password

delegating-admin-43

delegating-admin-44

And He got it

delegating-admin-45

 

Done, see you in next lesson (lesson 6)

Please G+ , like and share for me.

About Hoang Do Viet

Tớ thích thể thao, văn thơ, ghét IT như quỷ ý ......

Check Also

Vmware Vsphere: Ôn lại phân quyền trên Vcenter và các trường hợp xung đột khi phân quyền

Tuhocmang.com – Vmware Vsphere: Ôn lại phân quyền trên Vcenter và các trường hợp xung đột …

Vmware Vsphere: Tất cả các về đề về join Vcenter vào domain để chứng thực tập trung và phân quyền tập trung

Tuhocmang.com – Vmware Vsphere: Tất cả các vấn đề vềJoin Vcenter vào domain để chứng …

Leave a Reply

Your email address will not be published. Required fields are marked *