Maybe you want the help desk team to have the ability to manage user account objects throughout active directory, but you don’t want to make them members of the domain admins group. Active templates allow administrators to quickly create and manage sets of permissions to apply to objects in Active Directory. In this example I will be granting Full control to the Boca Raton (OU) Organizational Unit for my Boca Raton OU Admin group, so that they can manage the OU and all child objects.
Within the Active Administrator console, click Security & Delegation | Active Templates and then click “New”.
On the wizard welcome page, click “Next”.
This is where you set the name, category and description for the new Active Template, and then click “Next”.
Select the permissions for the new Active Template:
- From the “Forest” list, choose a domain.
- From the “Applies to” list, choose how to apply the template security. Example: Common object types, all object types on the system, or an inheritance level.
- From the “Classes” list, select the object.
The next step is to create a new delegation for the Active Template from the Delegations drop down menu.
Select the users or groups to apply the delegation to, and then click “Next”.
Select the paths or objects to apply the delegation to, and then click “OK”.
Set the delegation options, and then click “Next”.
Review the summary details, and click “Finish”.
Click “Delegation Status” to view the status.
Securing Active Directory has always been a challenging and complicated job. Active templates make administering permissions to AD objects a very simple yet powerful task!