In our Active Domain we have delegated a security group to have the right to add computers to another OU. How do...
I "undelegate" that user group if the need arises?
We thought it would be better to place the users in the group, and delegate the group with the thought that it would be easier to change group membership than to manage individual users.
You are correct -- it's best to have functions and responsibilities assigned through group memberships rather than simply on a user-by-user basis. Un-delegating a responsibility from a group is as simple as deleting their privilege for that action from the Active Directory policy manager.
Dig Deeper on Microsoft Active Directory Design and Administration
Related Q&A from Serdar Yegulalp
This week, our expert answers the question of how to get DVD data off a disc, even if the user's PC doesn't have an optical drive.continue reading
This week, our expert answers a question on how to connect a phone or tablet to a USB drive with a micro-USB connector.continue reading
Open source and free suites such as LibreOffice and OpenOffice could save organizations money, but not effort in comparison with Microsoft Office.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.