How non-administrator users can manage security Active Directory groups
Updated: Mar 30, 2019
If you are looking for the possibility to grant rights to a non-administrator user to manage a security Active Directory group membership, but don't want give him access to Active Directory Users and Computers snap-in, this post shows how to do that in an easy way.
Delegating Membership Management with the Managed By Tab
1 - The easiest way to delegate membership management of a single group is to use the Managed By tab of a group object’s Properties dialog box, as shown below:
2 - Now, the end user is able to manage the group. To do it, he needs to open the Network window, and then, click on the button Search Active Directory, as shown below:
3 - Next, the window Find Users, Contacts, and Groups will appear. The user will need to type the group’s name and click on "Find Now" button. After the group is found and selected, the user will be able to manage the group’s membership, as shown in the picture below:
4 - If the user tries to access and edit a group that he doesn't have permission to, the Add and Remove buttons will remain inactive for alteration, as shown below:
For any doubts or suggestions, please leave a comment below.