Active Directory rights delegation – overview

Post migrated to:


7 responses to “Active Directory rights delegation – overview”

  1. Awinish says :

    Nice article Krzysztof Pytko.

  2. Mcosy says :


    I just follow your post but the user can not reset account or password ( grayed out) My DC is 2008 R2 and user was account operator group before .

    1. Create dlg-it
    2. Create gg-it ( Add dlg-it -Member of)
    3. Create role-HElpdesk ( Add dlg-it) and user1 to memebers.
    4. Dellegate to IT User OU but i cannot reset or change anything in this ou?



    • iSiek says :

      OK, that’s good. Can you tell me please what kind of permissions did you assign to that group delegated into OU ?


  3. Anbarasu says :


    I used the same method for delegating access to group of users, but the group of users were not able to modify user group (like adding to additional group) .Should this delegated user group assigned with specific set of permissions , if so which permission i need to select.

    Thanks in advance

    • iSiek says :


      what have you set up during control delegation? Have you consifured it on OU where those groups are located ?

      Thank you in advance for more details


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: