Delegation of Active Directory administration (using Quest ActiveRoles Server)

1.0markwilson.ithttps://www.markwilson.co.uk/blogDelegation of Active Directory administration (using Quest ActiveRoles Server) - markwilson.itrich600338<blockquote class="wp-embedded-content" data-secret="BcWy7ekE6t"><a href="https://www.markwilson.co.uk/blog/2006/08/delegation-of-active-directory.htm">Delegation of Active Directory administration (using Quest ActiveRoles Server)</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.markwilson.co.uk/blog/2006/08/delegation-of-active-directory.htm/embed#?secret=BcWy7ekE6t" width="600" height="338" title="“Delegation of Active Directory administration (using Quest ActiveRoles Server)” — markwilson.it" data-secret="BcWy7ekE6t" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://www.markwilson.co.uk/blog/wp-includes/js/wp-embed.min.js /* ]]> */ </script> Recently, I’ve been working with a client who has an extraordinarily high number of users with domain administrator rights (i.e. those who are members of the Domain Admins group). The problem is historic and they are in the process of moving from Windows NT to Active Directory (AD); whilst AD allows for delegation of control … Continue reading