In our Active Domain we have delegated a security group to have the right to add computers to another OU. How do I "undelegate" that user group if the need arises?
We thought it would be better to place the users in the group, and delegate the group with the thought that it would be easier to change group membership than to manage individual users.
You are correct -- it's best to have functions and responsibilities assigned through group memberships rather than simply on a user-by-user basis. Un-delegating a responsibility from a group is as simple as deleting their privilege for that action from the Active Directory policy manager.
Dig deeper on Microsoft Active Directory Design and Administration
Related Q&A from Serdar Yegulalp, WinIT
Frustrated admins have been dealing with extend.dat error messages since Outlook 97. Our expert sheds some light on this all-too-common Outlook error.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.