Managing Active Directory Group Membership with a Non-Administrator Account In Server 2008

Posted by Laranostz on Server Fault See other posts from Server Fault or by Laranostz
Published on 2011-06-24T23:09:48Z Indexed on 2011/06/25 0:24 UTC
Read the original article Hit count: 415

I am running Server 2008 R2 in an Active Directory Domain Environment.

I have created a group in Active Directory and I have delegated management authority to that group to a user.

I want this user to be able to add and remove accounts as needed from that group so that they are exercising some measurement of control without giving them other authority.

When I have the user attempt to access the Active Directory Users & Computers Console it prompts them for Administrator credentials. They are using Remote Desktop to access the server, because they do not have Windows 7, and firewall rules prevent using the Remote Management Kit.

I do not want to provide them with any level of Administrative rights except the minimum required for them to add/remove users from this group.

There are two servers that 'talk' to each other in this isolated environment, a domain controller and a member server, both are only reachable through RDP.

Any suggestions?

© Server Fault or respective owner

Related posts about active-directory

Related posts about windows-server-2008-r2