• Renan Antonio Rodrigues

How non-administrator users can manage security Active Directory groups

Updated: Mar 30, 2019

If you are looking for the possibility to grant rights to a non-administrator user to manage a security Active Directory group membership, but don't want give him access to Active Directory Users and Computers snap-in, this post shows how to do that in an easy way.


Delegating Membership Management with the Managed By Tab


1 - The easiest way to delegate membership management of a single group is to use the Managed By tab of a group object’s Properties dialog box, as shown below:


2 - Now, the end user is able to manage the group. To do it, he needs to open the Network window, and then, click on the button Search Active Directory, as shown below:



3 - Next, the window Find Users, Contacts, and Groups will appear. The user will need to type the group’s name and click on "Find Now" button. After the group is found and selected, the user will be able to manage the group’s membership, as shown in the picture below:


4 - If the user tries to access and edit a group that he doesn't have permission to, the Add and Remove buttons will remain inactive for alteration, as shown below:



For any doubts or suggestions, please leave a comment below.

Follow me

© 2023 by Nicola Rider.
Proudly created with
Wix.com
 

  • Branca Ícone LinkedIn