Administrator rights for specific OU

1. Login to as a Domain Admin / Deligated Rights
2. Access DSA.MSC & go as Instructed
3. Go to the OU –
4. Right click on the OU: “test”
5. Go to Advanced Security permissions and click Add and enter “localadmin”

Note: localadmin is user name.

6. Select “Create Computer Object”, “Delete Computer Objects” permissions
7.Click Apply and Ok
8. Validate the same in all Sub OU’s

Add user account local administrator group via Preferences gsmc.msc
10.Name it as  test policy
11.Edit GPO
12.Expand ->Computer Configuration->Preferences->Control Panel Settings->Local Users and Groups-
13.Click New Group
14. Select Action as Update
15.Group Name Administrators(Built-in)
16.Click ADD and add the user”localadmin”
17. Select Add to this Group
18.Click Apply and Ok
19. Disable User Configuration Settings in GPO
20.Force replicate the changes repadmin /syncall /APd


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: