- Create a Domain Global Group that represents the administrators for the OU
- Create a logon script that checks and adds the administrators for the OU to the local administrators group of the workstation (this will require that the local users are administrators or the use of an account that has administrative access already like someone in Domain Admins)
- Create a group policy that assigns this specific logon script and assign it to the OU
- To provide particular people administrative access to the machines in the OU you only need to add them to the group you created in step one.
Dig deeper on Microsoft Active Directory
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.