If you want to delegate the rights to manage the stuff handled with AD S&S you need to delegate the "manage replication topology" to the right group. Site management is a task performed at forest level so delegating this right means delegating the rights for the complete forest.
Thinking about it ... you could try to limit the role of creating sites to limited number of users/groups and the give specific admins only the rights to manage these specific objects (i.e. attaching subnets to this site). However !!! be really conservative with the delagtion of this right. Doing the wrong stuff can screw up your complete AD (in all domains within the forest). I personally prefer limiting this task to a very limited amount of people. Cheers! John -----Original Message----- From: Ravdal, Stig To: [EMAIL PROTECTED] Sent: 20-11-2003 18:17 Subject: [ActiveDir] Managing Sites in Forest with Empty Root Hi all, I'm a newbie to the forum and I think that this is the right place for this question. I have setup new forest using an empty forest root (first domain/tree in forest). In the forest I have an operational domain the second domain in the forest (and the first of three such single domain/single trees that will reside in the forest in addition to the empty forest root). What I would like to do is allow the first operational domain to manage sites & services. I do not want the empty forest root to do any administrative tasks beyond holding the "keys to the kingdom" No users or computers will reside in the empty forest root domain. How can I delegate the control of the Sites and Services? Also can I delegate the control of sites and services such that each domain/tree in the forest can do their own site management? Thanks, Stig ________________________________________________________________________ ___ This message contains information that may be privileged or confidential and is the property of the Cap Gemini/Ernst & Young Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. ________________________________________________________________________ ___ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
