Delegating Control for the Organizational Unit
To allow another person who is not an Active Directory administrator to perform all of tasks in the evaluation, you can delegate control of the IBM Security organizational unit to that person. If you are an Active Directory administrator or a member of the Domain Admins group in the evaluation domain, you can skip this step.
To delegate control of the organizational unit for IBM Security
-
Open Active Directory Users and Computers and select the domain.
-
Select the top-level organizational unit for IBM Security objects, IBM Security.
-
Right-click, then select Delegate Control.
-
In the Delegation of Control wizard, click Next.
-
Click Add.
-
Search for and select the user or group for delegation, then click Next.
-
Select the tasks to delegate, then click Next.
At a minimum, select the following common tasks:
-
Create, delete, and manage user accounts
-
Reset user passwords and force password change at next logon
-
Read all user information
-
Create, delete, and manage groups
-
Modify the membership of a group
-
-
If you are delegating the task of joining computers to a zone, you can specify the scope of computers you can join to the zone; you pick a container in Active Directory to grant access to.
If you leave the scope blank, the scope is the domain root. Be aware that the postalAddress field is used for information about joining computers to azone; if you lookup the permissions for people you've delegated the task ofjoining computers to a zone, they'll have permissions to the postalAddress field for the affected computers.
-
Click Finish.