As part of my regular job, I was asked to do a few things in our corporate AD (based on Win2008 R2), that require the use of groups policy.
(like allowing access to certain user to certain functions on certain servers - not admin access, or giving a user [not admin] the permissions to move other users from one OU to another).
Anyway, I am a software developer as well as a network engineer. I know that AD is and what it's for but I have never used it prior to 2 days ago. I have learned the basics of creating OUs, thing related to managing users within the OUs but in order to perform the rather advanced things I am asked to I need to use the GPO. I have seen the GUI and adding new policy to an OU is easy but knowing which policy to add, how to configure it and what's possible at all is the difficult part.
Examples to what I need to achieve are: * Allowing access to certain user to certain functions on certain servers - not admin access *To give a user [not admin] the permissions to move other users (obviously not admins, maybe just users in a certain group) from one OU to another and so on.
I want someone to direct me to a website or resource to study the use of GPO for policy allocation for OUs or to any other resource that you may think be useful for me to achieve my needs.
Most of what I found online describes how to first set up AD but that's irrelevant for me - it's already set up in the company and works perfectly. I need to know where I can learn to do the things I mentioned in the examples above.
Thanks