How to modify users that have been delegated control over an Active Directory OU

active-directory

We made the mistake of Delegating Control over an OU to a user rather than a group.

We would like to correct this by removing the user from the OU's delegated control, but can't find where to modify this.

We can't even find the list of users who have received delegate control over the OU.

How do we get to this in Active Directory?

Best Answer

Within Active Directory Users and Computers (ADUC), go to View and select Advanced Features. Then right click on the OU you'd like to edit and choose Properties, select the Security tab, and then remove the user you accidentally delegated rights to.

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

try

dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members

How to find new Active Directory accounts that have been made in the last 90 days

For posterity, dsquery is designed for this kind of search. AD does keep a 'whenCreated' field, which makes it easy to search with your tool of choice.

dsquery * -filter "(whenCreated>=20101022083730.0Z)"

As an example. You can programatically create the timestring based on now - 90days.

Best Answer

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

How to find new Active Directory accounts that have been made in the last 90 days

Related Topic