-- Main.ctucker - 27 Sep 2006

CSCF Active Directory: Delegation of Authority, Standards and Practices

Up until very recently, all management in the Active Directory was handled through using some Domain Administrator account. These accounts were either the built-in Administrator account or the root account (created for automated account creation and password synchronization) or a personal domain admin account username-adm. All these accounts are members of the Domain Admins group and as such have broad powers.

Delegation of User Account Management In CS-TEACHING and CS-GENERAL

In both domains there is a security group named accounts_cs. Members of this group have been given special account management powers in the Users OUs in both domains.

Delegation of Computer Account Creation (Membership) In CS-GENERAL

In CS-GENERAL there is a universal group called domain_join_cscf in the CS\CSCF OU. This groups has been granted the right to add and delete computers from the CS-GENERAL domain.

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r3 - 2007-03-30 - ClaytonTucker
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback