What Is Delegation of Control?
Delegation of Control is a process in which administrators delegate some administrative controls to the users who do not have administrative privileges but are technically qualified.
In medium or large-scale organizations it is assumed that administrators have created several organizational units and each organizational unit might also have several other child OUs in them. Since in many cases it becomes quite hectic and tedious for the administrators to manage every organizational unit and the objects contained in it, they sometimes delegate some administrative tasks to the users so that they can reduce some of their overheads.
When administrators delegate administrative controls to the users it doesn’t mean that they are giving them administrative privileges to perform the tasks. The user accounts that have been delegated administrative controls do not necessarily have to be the member of administrators group. They can be members of any standard domain users group or any other group that has been created manually by the administrators. In other words, delegation of control is useful when administrators want users to help them perform some administrative tasks even when they do not want to give them full-fledged administrative privileges. Controls can be delegated to the user accounts for an organizational unit, the entire domain, or any other folder.
Advantages, Disadvantages and Precautions While Delegating Controls
There are many advantages, disadvantages and precautions that administrators must know and take before they plan to delegate controls to the users. They are:
- Advantages: One advantage that Delegation of Controls process has is that administrators can remarkably reduce their overheads by transferring some of their administrative tasks to the users who they find smarter as compared to other users working in the organizations. Also, by delegating controls to other users or administrators they can create a hierarchal structure which can be helpful in managing the entire network of the organization. Another advantage that Delegation of Controls process provides to the administrators is that they can customize the controls which they want to delegate to the user accounts.
- Disadvantages: One disadvantage while delegating controls to the user accounts can be that if the users are inexperienced they can mess up the portion of the active directory domain to which they have been delegated the controls. In order to avoid these situations administrators must choose users wisely.
- Precautions: Administrators must make sure that the users to whom they plan to delegate controls do not get the privileges that they actually do not need. For example, if administrators plan to delegate Set or Reset Password controls to a user on an OU he must not get the privilege of adding or deleting user accounts.
How to Delegate Controls?
Administrators must follow the steps given below to delegate controls to the user:
- Log on to Windows Server 2008 R2 domain controller with Domain Admin or Enterprise Admin credentials.
- From the desktop screen go to Start > Administrative Tools > Active Directory Users and Computers.
- On Active Directory Users and Computers snap-in expand the name of the domain (TESTDOMAIN.COM in this example) and right click on the folder or organizational unit for which the controls are to be delegated.
- From the context menu click Delegation Controls and on Welcome to the Delegation of Control Wizard window click Next button.
- On Users or Groups window click Add button to add the desired user accounts or groups to whom the controls are to be delegated.
- Click Next button when added.
- On Tasks to Delegate window check the checkboxes representing the tasks that are to be delegated to the selected user accounts or groups and click Next button. Alternatively Create a custom task to delegate radio button can be selected to create custom tasks.
- On Completing the Delegation of Control Wizard window click Finish to finalize the process.
Click here to know more about Delegating Controls