To delegate permission for a domain user to:
- add new users to container
- change password
- modify group membership
- modify users properties (such as email / name etc)
- move users between OU's
- Right click on container and choose
Delegate Control
- When Delegation Wizard opens up click
Next
- On another page choose group you want to give permissions to and press
Next
- On next page
Create a custom task to delegate
and chooseNext
- Choose
Only the following objects in the folder
and go to the bottom of the list and chooseUser objects
. Choosing anything more then just one entry will not give you possibility of granular choice of properties to change. - Make sure to have
Create selected objects in this folder
checked and pressNext
- Choose:
- Read All Properties
- Write All Properties
- Read and write general information
- Read and write logon information
- Read and write phone and mail options
- Read and write web information
- Read and write Terminal Server license server
- Read and write remote access information
- Change password
- Reset password