Delegation. We have AD groups for our local techs to access only what they need to in AD, assigned at their local OU levels, for both comp and user accounts.
You can get pretty granular with it. Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS From: Heaton, Joseph@DFG [mailto:[email protected]] Sent: Wednesday, February 29, 2012 1:21 PM To: NT System Admin Issues Subject: Roles in AD I know that Exchange has RBAC roles. Does AD itself have this type of functionality? We're trying to create least privilege type situation for our field support so that they can edit contact info, and reset passwords, and unlock accounts, but pretty much nothing else. Joseph L. Heaton Staff Information Systems Analyst Windows Server Support Information Technology Branch Department of Fish and Game 1807 13th Street, Suite 201 Sacramento, CA 95811 (916) 323-1284 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
