Active Directory Delegation
By now everyone is running Windows Active Directory or has considered migrating to it at one time or another. With Windows NT no longer supported, it is important to understand the reasons for moving to Active Directory, so that the design and support can be considered. By far one of the most important reasons to move to Active Directory is the inclusion of Delegation of Administration for the directory service. Delegation of administration allows more users and administrators to have a say in the administration of Active Directory, without giving them too much power. This provides a higher return on investment for Active Directory, as well as a more flexible mechanism for managing the enterprise objects and accounts. If you don’t know what delegation of administration is, or you have not yet implemented it, I will go into the details you need to know to implement it, as well as some design ideas to get you started.
What is Delegation of Administration?
Delegation of administration is really a fancy way of referring to establishing access control lists on organizational units and accounts in Active Directory. Comparing delegation of administration to a standard file and folder structure shows how the concept works.
Assume that you have a folder structure where there is a top level folder, with two tiers of folders under it. The top level is called Data and the two tiers under the Data folder include Departments and HRData. The Departments folder also has other subfolders including Sales, Engineering, Finance, and Executives. If you want someone from the IT department to control all files for all departments, you would configure the permissions at the Departments level. If however, you wanted a user from the HR department to control the files under the HRData folder only, you would configure the permissions on the HRData folder, thus giving them access to all files stored under it.
Delegation of Administration is similar. Let’s assume that you have an organizational unit (OU) structure such that the top level OU is named Employees and the child OUs are Departments and HRUsers. Departments also includes child OUs such as SalesUsers, EngineeringUsers, FinanceUsers, and ExecutiveUsers. If you wanted someone from the IT department to have the ability to reset the password for all employees in all departments, you would establish that delegation of administration at the Departments OU level. If, however, you wanted a manager from the HR department to be able to reset the passwords for only the HR users, you would configure the delegation of administration on the HRUsers OU, thus giving them the ability to reset passwords for just these users.
As you can see, delegation of administration is designed to let domain admins offload specific tasks, to specific users or administrators, over specific objects within the Active Directory structure.
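Because a delegation is an access control entry on an OU, it can be read back from the OU's ACL. The PowerShell below is an added example, not part of the original article; it assumes the RSAT ActiveDirectory module is installed and uses a placeholder domain (DC=example,DC=com) around the article's Employees OU. It lists, for each OU, the principals that can reset passwords on user objects and the OU where that right was set.

```powershell
# Added example: audit who holds a delegated "Reset Password" right in an OU subtree.
# Assumption: RSAT ActiveDirectory module is available; the DN below is a placeholder.
Import-Module ActiveDirectory

$SearchBase = 'OU=Employees,DC=example,DC=com'   # placeholder DN, adjust to your domain

# Well-known GUIDs from the Active Directory schema
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # User-Force-Change-Password extended right
$UserClass     = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # user object class
$AllGuid       = [guid]::Empty                                 # "all rights" / "all object types"

$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$GenericAll    = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

Get-ADOrganizationalUnit -SearchBase $SearchBase -SearchScope Subtree -Filter * |
ForEach-Object {
    $ou = $_.DistinguishedName
    (Get-Acl -Path "AD:\$ou").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        -not $_.IsInherited -and   # report each delegation once, on the OU where it was set
        # Entry must apply to user objects (or to every object type)
        ($_.InheritedObjectType -eq $UserClass -or $_.InheritedObjectType -eq $AllGuid) -and
        (
            # Full control includes password reset
            (($_.ActiveDirectoryRights -band $GenericAll) -eq $GenericAll) -or
            # Explicit "Reset Password", or all extended rights
            ((($_.ActiveDirectoryRights -band $ExtendedRight) -eq $ExtendedRight) -and
             ($_.ObjectType -eq $ResetPassword -or $_.ObjectType -eq $AllGuid))
        )
    } |
    Select-Object @{ n = 'OU'; e = { $ou } },
                  IdentityReference, ActiveDirectoryRights, InheritanceType
} |
Sort-Object OU, IdentityReference |
Format-Table -AutoSize
```

Built-in administrative principals typically appear in the output as well; any other identity is a delegation worth checking against the intended design, such as an IT group on Departments and an HR manager on HRUsers only.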
Implementing Delegation of Administration
When you sit down to implement delegation of administration, you first need to decide which actions you want to delegate. Microsoft continues to add specific tasks that you can set up easily. These are common tasks that most companies need to delegate, regardless of the size of the organization. The benefit of having this prebuilt list of tasks is that it hides the actual permissions that need to be set on the OUs.
To understand how delegation of administration can be set, let’s look at a step-by-step on how to establish the delegation of administration that we just looked at for the resetting of passwords. The structure of OUs is shown in the figure.
Active Directory structure of organizational units