Windows Server: Delegating Administration for a Branch Office on Server 2012 R2
This article is lesson 5.
Lesson 4: http://tuhocmang.com/english/windows-server-system/window-server-how-to-install-additional-domain-controller-on-server-2012-r2.html
Please check previous lesson first to understand clearly.
LON-DC1: Domain Controller (Windows server 2012 R2)
LON-CL1: client (windows 8.1)
Our company has 3 sites. Headquarter is in USA and 2 branch office are in Canada and China.
I (administrator at headquarter) want to delegate
+ Full Administration Role for Administrator
+ Manage User Role for IT helpdesk
Step 1: Choose Active directory users and computers
Step 2: Create new OU ( each OU will be a site)
Step 3: Type Brach office 1 ( this OU will include all computer and user on one site)
Step 4: Create Group and User
Step 5: Move LON-CL1 to new OU – Branch office 1
From now, we will configure Delegation administrator
Step 6: Right-Click Branch Office 1 > Choose Delegate control
Step 7: Next
Step 8: add group or user you want to delegate
i will add group: Administrator on Branch Office 1
Step 9: We choose roles that we want to delegate for group Administrator (just click roles that you need )
Step 10: Finish
Step 15: with computer object, we just want Group Administrator at branch office has full roles for computer object, so i do as following image.
Step 16: Finish
Step 19: we will delegate for Group Helpdesk
Step 20: Help desk Group has fewer roles (reset pass, modify…)
Step 21: Finish
From now, we will test the result
Step 22: add user Holly to group Administrator on OU: Branch Office 1
Step 23: log on user Holly
Step 25: Choose ADUC (dsa.msc)
Step 26: try to delete user Aaren (Araren is not belong to OU: Branch office 1 , so Holly can’t delete Aaren )
Step 27: Holly will delete Ed (belong to Branch Office 1)
And Holly can delete it
Step 28: add Bart to Help Desk Group
Step 30: Log on user: Bart
Step 31: user Bart opens ADUC
Step 32: Bart tries to delete Connie
But he can’t . Because Help desk group can’t delete users.
Step 33: Bart tries to reset password
And He got it
Done, see you in next lesson (lesson 6)
Please G+ , like and share for me.