user permissions issue

billybob01

I have 4 users in our IT department and i need these users to be able to create user accounts using ADUC. I thought i would delegate control to these users on the various user groups we have but they still are unable to create user accounts? These users use to be in the Domain Admins group so i also created a group with modify rights and placed the users into the group, set this group as the Primary group and removed Domain Admins and by using Calcs have applied the group to the hundreds of folders we have in our company. What am i missing?

elover_jm

To delegate an object, open the Active Directory Users And Computers console, locate and right-click the object, and choose Delegate Control from the context menu to start the Delegation Of Control wizard. After you select the users or groups to which you want to delegate administrative control, the wizard displays a list of common tasks that you can delegate, select Creating, deleting, and managing user accounts .

gojericho0

Have you given that group the ability to Create User Objects for the given OU or Domain?

blargoe

Use the delegation of control wizard.

billybob01

I have used the delegation of control option only on the OU`s that require user accounts to be created. I made a group just for these users so that they only have modify rights on the network folders ( as they need to copy info from one folder to the next) and took them out of Domain Admins and added them to this new group of which i made the primary group before removing Domain Admins!! Have i missed something? Then yesterday one of the users complained that they could`nt create a user, she got as far as the Exchange section to create the mailbox but the bottom option ( i cant remember) was greyed out!!

blargoe

For exchange you have to have the exchange admin tools installed to get the options to work with mail options in active directory users and computers