-- Main.ctucker - 27 Sep 2006
CSCF Active Directory: Delegation of Authority, Standards and Practices
Until very recently, all management in the Active Directory was handled using a Domain Administrator account: either the built-in Administrator account, the root account (created for automated account creation and password synchronization), or a personal domain admin account, username-adm. All of these accounts are members of the Domain Admins group and as such have broad powers.
Delegation of User Account Management In CS-TEACHING and CS-GENERAL
In both domains there is a security group named accounts_cs. Members of this group have been given special account management powers in the Users OUs in both domains.
Delegation of Computer Account Creation (Membership) In CS-GENERAL
In CS-GENERAL there is a universal group called domain_join_cscf in the CS\CSCF OU. This group has been granted the right to add and delete computers from the CS-GENERAL domain.
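One way to check what the two delegated groups can actually do is to read the access control entries they hold on the container in question. The following is an added example, not part of the original page or CSCF's own tooling. It assumes the RSAT ActiveDirectory PowerShell module and a session in the domain being checked. The distinguished names are placeholders, the function name Get-DelegatedAce is hypothetical, and the container on which domain_join_cscf was granted its rights is assumed to be the domain root.

```powershell
Import-Module ActiveDirectory   # RSAT module; provides the AD: drive used by Get-Acl

# Well-known schemaIDGUIDs for the object classes these delegations concern.
# Any other GUID (attribute or extended right) is printed as-is.
$KnownObjectType = @{
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer'
    '00000000-0000-0000-0000-000000000000' = '(all object types)'
}

# Hypothetical helper: list every ACE a group holds on one container.
function Get-DelegatedAce {
    param(
        [Parameter(Mandatory)][string]$ContainerDN,
        [Parameter(Mandatory)][string]$GroupName
    )
    (Get-Acl -Path "AD:\$ContainerDN").Access |
        Where-Object { $_.IdentityReference.Value -like "*\$GroupName" } |
        ForEach-Object {
            $guid = $_.ObjectType.ToString()
            [pscustomobject]@{
                Container  = $ContainerDN
                Group      = $GroupName
                Type       = $_.AccessControlType       # Allow or Deny
                Rights     = $_.ActiveDirectoryRights   # e.g. CreateChild, DeleteChild
                ObjectType = if ($KnownObjectType.ContainsKey($guid)) {
                                 $KnownObjectType[$guid]
                             } else { $guid }
                Inherited  = $_.IsInherited
            }
        }
}

# Placeholder DNs (assumptions): the page does not give the domains' DNS names.
$usersOU    = 'OU=Users,DC=cs-general,DC=example,DC=org'
$domainRoot = 'DC=cs-general,DC=example,DC=org'

# accounts_cs should hold rights scoped to the Users OU only.
Get-DelegatedAce -ContainerDN $usersOU -GroupName 'accounts_cs' | Format-Table -AutoSize

# domain_join_cscf should hold only computer-object rights.
Get-DelegatedAce -ContainerDN $domainRoot -GroupName 'domain_join_cscf' |
    Format-Table -AutoSize
```

An entry whose ObjectType is "(all object types)" with GenericAll or WriteDacl rights is broader than the delegation described above and is worth reviewing.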