How to Delegate Control on Active Directory Windows Server 2016

In this article, I’ll show you how to delegate Control In Active Directory and all a specific user to only reset passwords to users.

In this case, My client asked me to delegate control In AD to a staff member that will allow him to reset the password to users that locked their AD account.

Lucky, Active Directory allows us to delegate almost any possible administrative task and today I’ll show you how to do that.

To get started, you will need to use a Domain Admin account to set this up If you are, Open Active Directory Users and Computers -> Right click on the domain name and select Delegate Control

In the Users and Group click Add and Add users or groups

In the Task to Delegate, select the task and click next to finish the wizard

Done, Ask the user to log off and log on again to get the new delegated permissions

1 thought on “How to Delegate Control on Active Directory Windows Server 2016”

  1. Hi

    Is there any way the user who has the Delegation to do administrative tasks, do them from their workstation without logging into the server? i.e user “Kal” had be granted delegation to add new domain users, can “Kal” add new domain users from his windows 10 workstation or does he need to login to the domain controller to do these tasks?


Comments are closed.