Managing AD Users

PRACTICE ! PRACTICE ! PRACTICE !

Observe the organizational chart, make changes according to it, and make the AD match it!

Delegation

One of the nice things we can do in AD is to give specific users some control over some OUs

  • This process is known as delegation; it allows you to grant users specific privileges to perform advanced tasks on OUs without needing a Domain Administrator to step in

Imagine a scenario where the marketing team or the sales team face some software issues in their systems and it needs to be rectified in no time. The Domain Admin cannot step in and solve the issue every time; instead, what if he just grants the required permissions (delegations) to the IT Support team?

Now let's assume that Sophie, who's from the Sales team, is using a default password and the IT support guy Phillip has the delegation to reset her password. How will he do it? To delegate the controls to the IT guy Phillip, we'll have to add him first!

Clicking Next sets the required permissions (the delegations) for the IT user Phillip to reset the Sales user Sophie's password. Now let's RDP into Phillip's system to unleash his powers :)

xfreerdp /v:10.10.130.92 /u:THM\phillip /p:Claire2008 /dynamic-resolution /cert-ignore

But the catch is that the IT user Phillip doesn't have enough privileges to open the Active Directory Users and Computers application, so we'll have to use PowerShell in order to reset Sophie's password.
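Before using the delegated right it is worth checking, from the same PowerShell session, what the wizard actually wrote onto the OU. The script below is an added example, not part of the original notes: it reads the ACL of the Sales OU through the AD: drive and lists the ACEs that name THM\phillip, decoding the two schema GUIDs that Active Directory uses for the "Reset Password" extended right and the pwdLastSet attribute. It assumes the ActiveDirectory module (RSAT) is available on Phillip's machine and that the OU distinguished name shown in the notes, OU=Sales,OU=THM,DC=thm,DC=local, is correct.

```powershell
# Added example (not from the original notes): audit the delegation on the
# Sales OU for THM\phillip. Assumes the ActiveDirectory module is available
# and the OU DN from the notes is correct.
Import-Module ActiveDirectory

$ouDn      = 'OU=Sales,OU=THM,DC=thm,DC=local'
$principal = 'THM\phillip'

# Schema GUIDs fixed by Active Directory: the "Reset Password" extended right
# (User-Force-Change-Password) and the pwdLastSet attribute.
$resetPasswordRight = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$pwdLastSetAttr     = [guid]'bf967a0a-0de6-11d0-a285-00aa003049e2'

# The AD: PSDrive is created when the ActiveDirectory module loads.
$acl = Get-Acl -Path ("AD:\" + $ouDn)

$acl.Access |
    Where-Object { $_.IdentityReference -eq $principal } |
    ForEach-Object {
        $ace = $_
        # Translate the ObjectType GUID into something readable; anything else
        # is shown raw so unexpected rights are not silently hidden.
        $appliesTo = if ($ace.ObjectType -eq $resetPasswordRight) {
            'Reset Password (extended right)'
        } elseif ($ace.ObjectType -eq $pwdLastSetAttr) {
            'pwdLastSet attribute'
        } else {
            $ace.ObjectType.ToString()
        }
        [pscustomobject]@{
            Identity    = $ace.IdentityReference
            Rights      = $ace.ActiveDirectoryRights
            Type        = $ace.AccessControlType
            AppliesTo   = $appliesTo
            Inheritance = $ace.InheritanceType
            Inherited   = $ace.IsInherited
        }
    } | Format-Table -AutoSize
```

If nothing comes back, the delegation was not applied to this OU (or was applied to a different one), which is the usual cause of an "Access is denied" on the reset that follows. Any ACE listed with rights beyond the reset-password right and pwdLastSet is worth a second look, since the wizard's task templates and a hand-edited ACL can differ.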

PS C:\Users\phillip> Set-ADAccountPassword sophie -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose

New Password: rootme@321

VERBOSE: Performing the operation "Set-ADAccountPassword" on target "CN=Sophie,OU=Sales,OU=THM,DC=thm,DC=local".

So now we've successfully reset the password. But we as Phillip (the IT guy) don't have any rights to communicate with the Sales user Sophie, and we wouldn't want Sophie to keep using a password we know, so we can also force a password reset at the next logon.

PS C:\Users\phillip> Set-ADUser -ChangePasswordAtLogon $true -Identity sophie -Verbose

VERBOSE: Performing the operation "Set" on target "CN=Sophie,OU=Sales,OU=THM,DC=thm,DC=local".
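The two commands above can be combined into one script that also verifies the outcome. This is an added example, not from the original notes: it performs the delegated reset as Phillip, forces a change at next logon, and then reads pwdLastSet back (a value of 0 is how AD records "must change password at next logon"). It assumes the ActiveDirectory module is available and that the sophie account from the notes exists in thm.local.

```powershell
# Added example (not from the original notes): delegated reset of one user,
# force change at next logon, then verify. Assumes the ActiveDirectory module
# is available and the account name from the notes (sophie) exists.
Import-Module ActiveDirectory

$user = 'sophie'

# Show which identity is exercising the delegated right (expected: THM\phillip).
"Running as: " + [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# Read the password as a SecureString so it is not echoed or left in history.
$newPassword = Read-Host -AsSecureString -Prompt 'New Password'

try {
    # -Reset overwrites the password without knowing the old one; this is the
    # "Reset Password" right Phillip was delegated, no Domain Admin needed.
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword -ErrorAction Stop

    # Confirm the reset took effect before forcing the change (PasswordLastSet
    # becomes empty once pwdLastSet is zeroed in the next step).
    $afterReset = (Get-ADUser -Identity $user -Properties PasswordLastSet).PasswordLastSet
    "Password last set: $afterReset"

    # Make the password Phillip knows short-lived: Sophie must change it at logon.
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
}
catch {
    # Most common failure is "Access is denied": the delegation does not cover
    # the OU this user lives in, or the task was never delegated.
    Write-Error "Delegated reset failed for ${user}: $($_.Exception.Message)"
    return
}

# Verify: pwdLastSet of 0 means the change-at-next-logon flag is in place.
$verified = Get-ADUser -Identity $user -Properties pwdLastSet, PasswordExpired
if ($verified.pwdLastSet -eq 0) {
    "OK: $($verified.DistinguishedName) must change password at next logon"
} else {
    Write-Warning "pwdLastSet is $($verified.pwdLastSet); change-at-logon flag not set"
}
```

Both Set-ADAccountPassword and Set-ADUser write to the domain controller, so on a DC with password-reset auditing enabled each step produces its own security event attributed to Phillip's account rather than to a Domain Admin, which is the audit trail delegation is meant to give you.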
