Article ID: 235531 - View products that this article applies to.
This article was previously published under Q235531
Microsoft Windows 2000 and Microsoft Windows Server 2003 include a Delegation wizard to facilitate the delegation of administrative rights over containers within Active Directory.
The Delegation wizard functions by providing administrators with a set of dialog boxes designed to specify the following items:
It is important to note that the Delegation wizard does not provide functionality to remove access control entries. If an administrator wants to reverse configuration settings created with the Delegation wizard, he or she must manually gain access to the Security Settings dialog box for the affected organizational unit and remove all added entries.
The following example demonstrates how the Delegation wizard creates access control list entries as a result of options selected:
For more information about this topic in Windows 2000 Server, visit the following Microsoft Web site:
Best practice Active Directory Design for managing Windows networksFor more information about this topic in Windows Server 2003, visit the following Microsoft Web sites:
Best practices for delegating Active Directory administration: How delegation works in Active Directory
Best practices for delegating Active Directory administration: Case study: a delegation scenario
Article ID: 235531 - Last Review: October 11, 2007 - Revision: 2.7