Hi Everyone,

I am interested in learning if there are any security risks associated with with delegating administration of an organizational unit. Our company is expanding and we are in the midst of setting up an office in another city.

We anticipate about 30 ought people to be working in this branch, and local management there has requested that an on-site admin be allowed to manage all locally based domain user accounts and computers.

We are thus thinking of creating a new OU for this city and delegating Full Control over the OU to the local admin. Our thinking is that doing so would allow them the ability to manage all the domain user accounts and computers in that OU.

Should this be alright, or should we be delegating administration more precisely (i.e. delegate only individual tasks), or should we be doing something else in addition to ensure  that any security risks are minimized.

I would be interested in your thoughts on this issue.

Thank you in advance.

Kind Regards,
Abdul

-- Edited by Abdul on Thursday 10th of June 2010 08:47:35 PM

-- Edited by Abdul on Thursday 10th of June 2010 08:47:56 PM