Delegation User to change same object in Active Directory RRS feed

  • Question

  • Hi,

    I want delegate a user to change same object on OU of Active Directory. I use "Delegation Of Control Wizard" to enable this user but i don't find two object "CO" (Country) and "I" (City).

    where I find this object?


    Thursday, April 8, 2021 3:49 PM

All replies

  • I find solution for my problem. For view the objects "co" ad "l" I can edit file C:\Windows\System32\dssec.dat e change a value from 7 to 0 below section [user]
    Wednesday, April 14, 2021 7:36 AM
  • For more information about Microsoft solution can read article in شرکت apk

    Thursday, April 15, 2021 12:37 PM
  • To delegate control, first identify a specific user or (preferably) group with the right to join. Then, using Active Directory Users and Computers, perform the following tasks:

    Right-click the OU to add computers to, and then click Delegate Control.
    In the Delegation of Control Wizard, click Next.
    Click Add to add a user or group to the Selected users and groups list, and then click Next. We strongly recommend using a group, even if that group only contains one user.
    On the Tasks to Delegate page, click Create a custom task to delegate, and then click Next.
    Click Only the following objects in the folder,
    From the list, select Computer objects.
    Select the following options below the object list:
    Create selected objects in this folder
    Delete selected objects in this folder
    Click Next.
    In the Permissions list, select the General and Property-Specific check boxes.
    Select the required permissions shown in the table below.
    Click Next, and then click Finish.
    Read permissions are not absolutely required, but preferred since Write permissions are granted.
    Using a Write permission allows any value to be placed in the attribute without validation. Using only a Validated Write permission might be more secure. However, this might limit AD Bridge's ability to create hashed names when conflicts occur.


    Rachel Gomez

    Tuesday, December 27, 2022 6:33 AM
  • Thanks for sharing such a helpful post. Keep it up.

    Wednesday, December 28, 2022 1:44 PM
  • In Active Directory, delegation refers to the process of granting permissions to one user or group to perform certain tasks or functions on behalf of another user or group. Delegation can be useful in situations where it is necessary for a user to be able to perform certain tasks that they do not have the necessary permissions for, or where it is more efficient for a user to be able to perform certain tasks on behalf of another user. To delegate the ability for one user to change an object in Active Directory, you will need to follow these steps:

    1. Open the Active Directory Users and Computers snap-in.

    2. Navigate to the object that you want to delegate control over.

    3. Right-click on the object and select "Properties".

    4. In the Properties window, click on the "Security" tab.

    5. Click on the "Advanced" button.

    6. In the "Advanced Security Settings" window, click on the "Add" button.

    7. In the "Select User, Computer, or Group" window, type the name of the user or group that you want to delegate control to, and then click "OK".

    8. In the "Permission Entry" window, select the permissions that you want to grant to the user or group. You can choose to grant full control, modify, read and execute, read, or write permissions.

    9. Click "OK" to close the "Permission Entry" window.

    10. Click "Apply" and "OK" to close the "Advanced Security Settings" window.

    Keep in mind that delegation should be used carefully, as it can potentially allow users to perform tasks that they should not have access to. It is a good idea to carefully consider which tasks you want to delegate and to whom, and to regularly review and update your delegation settings as needed.

    Friday, December 30, 2022 1:20 PM
  • It sounds like you are trying to use the Delegation of Control Wizard in Active Directory to give a user the ability to modify certain objects in your organization's Active Directory. The objects you mentioned, "CO" and "I," are not standard objects in Active Directory and it is not clear what they refer to.

    It is possible that these objects are custom attributes that have been added to your Active Directory schema, in which case you would need to consult with your Active Directory administrator or the person responsible for managing your directory schema to find out more information about these attributes and how to access them.

    In terms of bookkeeping, it is important to keep track of any changes made to your Active Directory, especially when it comes to delegating control to users. This can help you maintain a clear audit trail of who has access to make changes to different objects in your directory, as well as ensure that only authorized users have the ability to make changes.

    Sunday, January 1, 2023 7:44 AM
  • C:\Windows\System32\dssec.dat e change a value from 7 to 0 below section [user]
    Sunday, January 1, 2023 1:26 PM
  • Thanks ..such a helpful information...
    Friday, January 13, 2023 1:07 PM