Hi,
I am trying to delegate administration in AD but when my delegated user tries to either load the main ADUC or a customized MMC the message below appears.
I have a user called pre-config which is currently in the BuiltIn administrators group, is purely used for configuring delegation, the user who is being delegated access to TestOU is adm-test, i have delegated several things, and even added the user directly to the ACL of the OU and gave him full control, yet he still gets this error message. I added the user to the DNSAdmins and when the adm-test user loads the DNS snapin it says access denied.
i am trying to ensure that adm-test is not a member of any of the privileged groups; BA, DA, EA, SA but still has access to do things... it looks like the user can't even load up the main root of the tree. the test user can login to a client machine with no issues though
Steve