Delegating AD Rights (Enable/Disable Accounts)

Giganews Newsgroups
Subject: Delegating AD Rights (Enable/Disable Accounts)
Posted by:  Sam Gaw (SamG…
Date: Thu, 14 Sep 2006

I'm in the middle of trying to work out how to delegate control over user
accounts in AD to non-admin staff so that they will be able to enable &
disable guest accounts within a specific OU.

Originally I had looked at just building up a custom MMC and only delegating
the enable/disable permissions to a security group that would then use the
snap-in but because this will be used my non technical staff even that
confused them so I'm now looking at the option of a HTA app or something
along those lines were the only thing shown to the staff is the accounts & an
the enable/disable buttons.

Unfortunately this has proven more difficult than I originally thought it
would be & was wondering if anyone had done anything remotely similar or had
any pointers to get me moving in the right direction? Even any advice on how
to strip back a MMC do only show what's needed would be fantastic.

Any help or advice on this would be very much appreciated.