ASSIGNING DOMAIN PERMISSIONS IN ACTIVE DIRECTORY

  • 27 July 2020
  • 2 replies
  • 933 views

Userlevel 2
Badge +1

Assign domain permissions to users through Active Directory.

Delegating permissions in Active Directory (AD) enables the administrator to assign permissions to unprivileged domain users and groups in the directory. Assigning a domain user an appropriate delegated permission ensures that the domain user can join a domain in Files.

You can apply a Files account delegation to a single organizational unit (OU). Apply the account delegation where Files stores the computer objects.

For information on delegating user permissions, see Delegating Administration of Account OUs and Resource OUs on the Microsoft technet website.

Note: Do not delete or disable the active Files machine account from the Active Directory.

Procedure

  1. Log into the Active Directory server as a domain administrator.

  2. Open Start > Active Directory Users and Computers (ADUC) window.

  3. From the list, select and right-click the organization unit that you are going to assign new permissions. Click Next.

  4. In Users or Groups window, click Add and select the user or group that is receiving the delegated permissions. Click Next.

  5. In Tasks to Delegate, select Create a custom task to delegate. Click Next.

  6. In Active Directory Object Type, perform the following and then click Next.

    • Select Only the following objects in the folder and check Computer Objects.

    • Check the boxes:

    • Create selected objects in the folder

    • Delete selected objects in this folder

  7. In Permissions, check the following and then click Next:

    • In Show these permissions, select General and Property-specific.

    • In Permissions, select the following permissions to ensure that AD includes the appropriate permissions.

      • Reset password

      • Read and write account restrictions

      • Read and write DNS host name attributes

      • Validated write to DNS host name

      • Validated write to service principal name

      • Write servicePrincipalName

      • Write Operating System

      • Write Operating System Version

      • Write OperatingSystemServicePack

  8. Click Finish.
    AD replication can take a few minutes to complete user delegation on all domain controllers.

For portal documentation: https://portal.nutanix.com/#/page/docs/details?targetId=Files-v35:fil-file-server-access-domain-t.html

 


2 replies

Badge +1

@ashwin.ramaswamy Thanks for sharing the information

Userlevel 2
Badge +1

Thank You @Sateesh  for the feedback!

Reply