Friday, June 4, 2010

What are the most commonly delegated administrative tasks in Active Directory?

Active Directory provides a highly fine-grained delegation model and in fact a large number of administrative tasks can be delegated in Active Directory. In practice however, there are some administrative tasks that are delegated more often than others because they are delegatable and easy to delegate.

Here are some of the most commonly delegated administrative tasks in Active Directory -
  1. Creation and deletion of domain user accounts
  2. Resetting domain user account passwords
  3. Disabling and enabling of domain user accounts
  4. Unlocking domain user accounts
  5. Creation and deletion of domain security groups
  6. Changing domain security group memberships
  7. Changing domain security group scopes
  8. Changing domain security group types
  9. Creation and deletion of organizational units
  10. Linking and unliking of GPOs to organizational units
  11. Creation and deletion of service connection points
  12. Changing a service connection point keywords
Active Directory also provides the tools necessary to delegate and undelegate these tasks, although doing so precisely requires intimate knowledge of Active Directory ACLs and the Active Directory Security Model.

Monday, May 24, 2010

What is Active Directory's role in delegating administration in Windows?

Active Directory is the foundation of identity and access management in a Windows Server based IT infrastructure, because all vital IT components are stored, protected and managed in Active Directory –
  1. User Accounts - used to identify and authenticate users and allow authorized and auditable access.
  2. Computer Accounts - used by users to create, store and collaborate in computing activities.
  3. Security Groups - used to provision and facilitate authorized access to information assets.
  4. Group Policies - used to specify, control and protect organizational computers.
  5. Domain Policies - used to protect vital user accounts and passwords.

These components are all stored and protected by Active Directory's security model, and responsibilities for all aspects of IT management related to managing user accounts, security groups, organizational computers and their security policies, helpdesk operations, etc. are all delegated in Active Directory.

Tuesday, May 11, 2010

Delegation of Administration and this Blog

Microsoft's Active Directory provides an enterprise-grade, scalable and distributed directory service with which organizations can centrally manage and share information about various IT resources.

Active Directory thus plays a major role in accomplishing the business goals of an organization, and the ability of an organization's IT admins to successfully manage Active Directory has a direct bearing on the organization's ability to accomplish their goals.

Delegation of administration, a key capability of Active Directory, provides the means to successfully manage the various aspects of IT management, ranging from identity management to the management of management an distributed access to shared resources.

In this blog, as an experienced Windows IT admin, I will cover various issues involved in delegating administrative responsibilities. This information will hopefully help you better understand, implement and manage administrative delegation in your environment.