How to add a group to the Managed By field


The Managed By field in the AD group properties allows to grant permissions to a person, who will be able then to change the list of group members. What if I need to grant such permissions to another or the same group? At the first sight it is easy: click on Change button and select the group. Well, my object picker allowed me to select either a user or a contact. The internet search led me to the conclusion that I could not select a group for the Managed By field. However, it is possible

In the KB829756 article Microsoft says that this is a problem in all Windows Server 2003 editions. Hotfix is provided and can be requested on this page and this hotfix is offered for Windows Server 2003 SP1. Therefore, the issue must be fixed in SP2! I logged into one of our domain controllers (usually I use ADUC tool off of my XP workstation) and could easily add a group to Managed By. But why could I not do that on my XP machine? Because I used the older version of Admin Pak. The most recent version of Windows Server 2003 SP2 Admin Pak (http://www.microsoft.com/downloads/en/details.aspx?FamilyId=86B71A4F-4122-44AF-BE79-3F101E533D95&displaylang=en) resolved the issue for my XP as well

Active Directory management tools restrict security principals that are allowed by the ManagedBy attribute

Advertisements

One Response to How to add a group to the Managed By field

  1. Charly says:

    Thanks!!! It fix!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: