How to Delegate Disable Account Permissions to AD Users

How to Delegate Disable Account Permissions to AD Users

Delegate Disable Accounts Permission in Active Directory

Delegation has been the sharpest tool in an IT administrator's bag. It has saved both time and money by bestowing rights to a group of people dedicated at taking care of particular administrative tasks, be it unlocking user accounts, resetting passwords, or enabling the need levels of access permissions. However, these tasks may not just strictly be associated to help desk staffs. Another useful delegation scenario is to delegate department managers with the permissions to carry out everyday administrative IT tasks such as granting permissions, unlocking users, enabling RDP, and disabling accounts. 
To do that, one simple has to follow these steps: 
  1. Select users or user groups that are to be delegated.
  2. Open the ADUC, find your domain tree and browse to the topmost level that you wish to apply user permissions,  and select Delegate Control.
  3. At the Welcome dialog, click Next.
  4. At the Users or Groups dialog box, click the Add... button. You will be prompted to add a user or group to which you will apply delegated rights.
  5. At the Select Users, Computers, or Groups dialog box, either type the name of the manager who you want to delegate permissions to or click Advanced > Find to locate the manager's user account that you wish to apply permissions to.
  6. Once you've selected your resource(s), click OK at the Select Users, Computers, or Groups dialog box, then click Next at the Users or Groups dialog box.
  7. Delegate your tasks.
  8. At the Tasks to Delegate dialog box, you can select from a wide assortment of tasks to assign to your users. If you only want to delegate the task of disabling users, ensure that the Delegate the following common tasks radio button is ticked and select Disable User Accounts and click the Next button.
  9. Complete the Delegation of Control Wizard.
Once you've finished delegating your tasks, you can click the 'Finish' button at the Completing the Delegation of Control Wizard dialog. Now the manager you delegated the task to should be able to disable AD user accounts. 



    • Related Articles

    • How to Delegate AD Rights to Users

      Delegating Administrative Privileges to Users in Active Directory AD delegation lets administrators grant users or groups certain permissions without having to add them to privileged groups like Domain Admins and Account Operators. You can delegate ...

    • Delegate Password Reset Permissions in Active Directory

      Delegating Permissions to Reset User Account Passwords Delegation can help administrators save ample time and help them concentrate on more tedious tasks at hand. This is no different when it comes to delegating password resetting capability. ...

    • Account Policies

      Even though, AD has implemented strong authentication protocols like Kerberos to protect sensitive information stored in the directory, a malicious user, can still break into the directory by gaining knowledge of the username and password of a user ...

    • Object permissions in Active Directory

      Permission in AD are privileges granted to users or groups to perform certain operations on objects. Permissions are usually granted by object owners or administrators. Users and groups are assigned permissions (to read, write, create child objects ...

    • PowerShell: How to Find Password Expiration Date for AD Users

      How to get AD Users Password Expiration Date Administrators working on a Windows environment are tasked with the important job of ensuring that user accounts with soon to be expiring passwords and password expired accounts are reported and taken care ...