[Samba] role delegation
Rowland Penny
rpenny at samba.org
Fri Oct 29 21:55:58 UTC 2021
On Fri, 2021-10-29 at 16:34 -0500, Patrick Goetz via samba wrote:
> I would like to have a user with limited domain admin capabilities;
> namely the ability to add new users and add users to groups, with
> the
> ideal being to also able to help users reset their password and
> create/delete groups. But this user would not be able to create
> OU's,
> edit Group Policy, or do anything else other than work with users
> and
> groups. Is such a thing even possible?
Are we talking about doing this on Linux ? if so you could create a
group and then give this group the privileges required. Run (as root):
net rpc rights list privileges -Uadministrator
For a complete list of the available privileges.
>
> A related and much easier (let's call it dumb, should have RTFMed)
> quesetion, is what's involved in making other users full domain
> admins?
You gave the answer yourself, add the user to the Domain Admins group
(or Administrators)
Rowland
More information about the samba
mailing list