One possible reason why the delegation wiz didnt allow delegation of HelpdeskID to a user, could be if that userid is applied some security policy that is clashing wif the security policy of HelpdeskID. This happens a lot in ADs where there are policies that "start from zero and add permissions" and "start from full control and remove permissions" mixed together. Very easy to get policy conflicts.
Easiest I can think of now is to create a group in the same OU as HelpdeskID. Delegate HelpdeskID to that new group. Add whichever userid that needs this delegation into that group. Easier to manage. Otherwise, you'll lose track of which userid has HelpdeskID delegation.
Actually, a specific HelpdeskID is not needed in the first place, right? As the global group will achieve the same.
Comments 8
Reply
Reply
(The comment has been removed)
Reply
me no expert la... simple queries can... complicated queries i need to refer to SA already... :P
Reply
e.g how to delegate a HELPDESK ID for example
i use delegation wizard
some user's security have the HELPDESK
some doesnt
Reply
Easiest I can think of now is to create a group in the same OU as HelpdeskID. Delegate HelpdeskID to that new group. Add whichever userid that needs this delegation into that group. Easier to manage. Otherwise, you'll lose track of which userid has HelpdeskID delegation.
Actually, a specific HelpdeskID is not needed in the first place, right? As the global group will achieve the same.
Reply
how to find out which policy actually conflicting!?!?! :O
can i force permission and overwrite all?
actually i have Helpdesk OU and put several user inside the OU
and delegate this OU out
but some userid doesn';t have this OU in the security policy :(
argghh
Reply
Leave a comment