Chapter 1: Delegation of Administration Overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Active Directory serves as a central information repository in a Windows-based network infrastructure. It stores identity, authorization, and application-specific information, service-publication and discovery information, and directory service configuration data. It is an inherent part of distributed security and identity management, and plays a key role in the manageability of a Windows Server–based enterprise.

Active Directory administration involves many different operations, which must be distributed among many administrators in a large organization. Delegation of administration, a key capability provided by Active Directory, provides scalable identity, security, service, and data management across the enterprise. Through delegation of administration, organizations can increase security and efficiently manage IT resources while meeting administrative requirements. By increasing administrative efficiency and decentralizing administration, delegation reduces administrative costs and improves the manageability of IT infrastructures.

Delegation of administration is the transfer of administrative responsibility for a specific administrative task from a higher authority to a lower authority. From an operational perspective, delegation of administration involves a higher-level administrator conferring upon a lower-level administrator the authority to carry out a specific administrative task. From a technical perspective, delegation of administration involves a higher-level administrator granting a controlled set of permissions to a lower-level administrator in order to carry out a specific administrative task.