You can use the Delegation of Control Wizard to delegate administrative control of a particular domain or organizational unit (OU) to groups or individuals who are responsible for only that domain or OU. By delegating administration, you can make it possible for groups or individuals in your organization to perform tasks such as:

You can also help secure your network from accidental or malicious damage by limiting the capabilities of the groups or individuals to whom you delegate control.

To use the Delegation of Control Wizard, open the Active Directory Users and Computers snap-in, right-click the OU that you want to delegate control of, and then click Delegate Control.

Delegating management of users, computers, and other network resources

The following table lists references for more information about delegating Active Directory administration.

  Step Reference
Check box

Review best practice information for delegating Active Directory administration.

Best Practices for Delegating Active Directory Administration (http://go.microsoft.com/fwlink/?LinkId=93213)
Check box

Review a list of Active Directory administrative tasks for service administration and data administration, along with the permissions required to perform each task.

Best Practices for Delegating Active Directory Administration: Appendices (http://go.microsoft.com/fwlink/?LinkId=93214)
  • Ensure That DNS Clients Can Locate Domain Controllers by Configuring DNS Support for AD DS
  • Simplify Management of User and Computer Accounts by Using Group Policy to Apply Common Configurations