Directory Users and Computers tool to move OUs between domains. To do this, use the
Active Directory Migration Tool (ADMT). This is one of the many Active Directory
support tools.
Delegating Administrative Control
I already mentioned that OUs are the smallest component within a domain to which
administrative permissions and group policies can be assigned by administrators. Now
you'll take a look specifically at how administrative control is set on OUs.
Delegation occurs when a higher security authority assigns permissions to a lesser
security authority. As a real-world example, assume that you are the director of IT for a large
organization. Instead of doing all of the work yourself, you would probably assign roles
and responsibilities to other individuals. For example, if you worked within a multidomain
environment, you might make one system administrator responsible for all operations
within the Sales domain and another responsible for the Engineering domain. Similarly,
you could assign the permissions for managing all printers and print queue objects
within your organization to one individual user while allowing another individual user to
manage all security permissions for users and groups. In this way, you can distribute the
various roles and responsibilities of the IT staff throughout the organization.
Businesses generally have a division of labor that handles all of the tasks involved in
keeping the company's networks humming. Network operating systems (NOSs), however,
often make it difficult to assign just the right permissions; in other words, they do not
support very granular permission assignments. Sometimes, fine granularity is necessary to
ensure that only the right permissions are assigned. A good general rule of thumb is to
provide users and administrators with the minimum permissions they require to do their jobs.
This way, you can ensure that accidental, malicious, and otherwise unwanted changes do
not occur.
You can use auditing to log events to the Security log in the Event Viewer.
This is a way to ensure that if accidental, malicious, and otherwise
unwanted changes do occur, they are logged and traceable.
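
One way to check that delegations on OUs stay within the minimum-permissions rule described above. This is an added example, not part of the original text; it assumes the ActiveDirectory RSAT module, and the domain DN and the list of expected principals are placeholders to adjust.

```powershell
# Added example: list explicit (non-inherited) Allow ACEs on every OU so that
# delegated rights can be reviewed against what each role actually needs.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$SearchBase = 'DC=example,DC=com'   # placeholder: replace with your domain DN

# Rights that let a principal rewrite the OU's ACL or take ownership.
# GenericAll (full control) includes both bits, so it is flagged as well.
$AclControl = [System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner'

# Principals expected to hold broad rights (assumed baseline, not from the text).
$Expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
            '*\Domain Admins', '*\Enterprise Admins'

$report = foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase) {
    $acl = Get-Acl -Path ('AD:\' + $ou.DistinguishedName)
    foreach ($ace in $acl.Access) {
        # Inherited ACEs are reported on the parent; Deny ACEs grant nothing.
        if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }

        $who = $ace.IdentityReference.Value
        if ($Expected | Where-Object { $who -like $_ }) { continue }

        [pscustomobject]@{
            OU         = $ou.DistinguishedName
            Principal  = $who
            Rights     = $ace.ActiveDirectoryRights
            # GUID of the object class or attribute the ACE is limited to;
            # all zeros means it applies to every object type.
            ObjectType = $ace.ObjectType
            TooBroad   = (([int]$ace.ActiveDirectoryRights) -band ([int]$AclControl)) -ne 0
        }
    }
}

# Broad grants first; each remaining row should map to a documented delegation.
$report | Sort-Object -Property TooBroad -Descending | Format-Table -AutoSize -Wrap
```

A delegation scoped to one task, such as managing print queue objects, should appear with a specific ObjectType and without TooBroad set.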
 