Want to throw this one out there, hopefully to avoid re-creating the Wheel.
Objective: Use Windows 2000 SP 3 AD delegation to allow Helpdesk Engineers administrative functions with least privileges in getting the task done.
Task: To disable an active user account and to move the account out from a Windows 2000 Security Group used as an e-mail DL to avoid NDRs.
As granular as AD delegation appears to be, I was not successful in achieving the above task without granting unnecessary, unneeded elevated privileges to the Helpdesk.
Has anyone been successful? Or has anyone written a web-based VB script allowing strict administrative functions? Or is there another method? Purchasing a third-party solution is not an option.
Thanks