|Subject:||Delegating AD Rights (Enable/Disable Accounts)|
|Posted by:||Sam Gaw (SamG…@discussions.microsoft.com)|
|Date:||Thu, 14 Sep 2006|
I'm in the middle of trying to work out how to delegate control over user
accounts in AD to non-admin staff so that they will be able to enable &
disable guest accounts within a specific OU.
Originally I had looked at just building up a custom MMC and only delegating
the enable/disable permissions to a security group that would then use the
snap-in but because this will be used my non technical staff even that
confused them so I'm now looking at the option of a HTA app or something
along those lines were the only thing shown to the staff is the accounts & an
the enable/disable buttons.
Unfortunately this has proven more difficult than I originally thought it
would be & was wondering if anyone had done anything remotely similar or had
any pointers to get me moving in the right direction? Even any advice on how
to strip back a MMC do only show what's needed would be fantastic.
Any help or advice on this would be very much appreciated.