I am looking to Delegate Control to ADUC for a newly designed helpdesk/desktop support role that won't have access to servers.
I understand what it's doing, how to do it, etc., I just can't get a clear picture of what rights to assign. Here is what I want the position to do:
- Create/delete/move users
- Create/delete/move computers
- Change group memberships
- Create/delete/move groups
- Update user information
Basically, I want them to have full control of users, computers and groups. Obviously, I don't want to just grant full control to the OU structure, but I'm not sure what permissions to give them without lots of trial and error.
I have googled around, but don't know if all the typical answers out there actually achieve what I am wanting. I know I can always grant and manually remove the permissions, but if I can get it right the first time it's...