![]() ![]() An object can be contained in only one OU, although from a hierarchical point of view, an object can have multiple parent OUs.You can use ACLs to set authorization settings on OU objects. Also, you can't delegate administrative tasks to an OU, which makes an OU different from a group. An OU is an AD container object used primarily to organize AD objects in a hierarchical way and to delegate control over these objects to different administrators. ![]() ![]() When dealing with OUs, you must always keep the following in mind: You can delegate the administrative control over the objects that are contained in an OU. Organizational units (OUs), AD's container objects, are an important enabler for the administrative delegation of AD objects. By facilitating the decentralization of administration, AD administrative delegation can increase administrative efficiency, reduce administrative costs, and improve the overall manageability of large IT infrastructures.ĪD delegation is possible thanks to the AD authorization model, which supports fine-grained AD object permissions and inheritance of permissions from AD parent objects to child objects. A good example of a scenario in which AD delegation is useful is giving Help desk administrators just enough rights to let them reset the passwords of AD user accounts. AD delegation is a must when you want to easily divide up and assign administrative control over a large number of AD objects (users, computers, printers, sites, domains, and so on) among multiple administrators. Active Directory (AD) administrative delegation is the ability to delegate Windows AD infrastructure-related administrative tasks to a particular administrative account or group. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |