Grant Rights to Create Users
In order to grant permissions to create users in Active directory, you need to create a Security Role, specify necessary permissions, and assign this Role to users or groups who will be allowed to create users. Then you need to specify where these users or groups are allowed to exercise permissions granted by this Role.
Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Security Role. The Create Security Role wizard will open.
Enter the name for the new Role, and click Next.
Here you need to specify permissions the new Role will grant. Clicking the Add button will display the Add Permissions dialog.
In the Operations on child objects section, check the Create Child Objects permission in the Allow column.
Now we need to specify what types of child objects the Role will allow creating. Click Select object types and select User as shown in the figure below. Click OK.
Optionally, add the Read permission
In the Add Permissions dialog, select the Read permission in the Allow column of the General permissions section. Click OK.
In the Role Permissions window you should see the permissions you have just specified. Click Next.
Here, at the Assign Role page, specify users or groups to which you want to assign the new Role. To quickly find a user or group, type its name in the search field. Click Search and select the user or group you need in the search results.
Clicking the Assign button will display the Role Activity Scope dialog. Here you need to select the location, where the selected user or group will be able to create users.
You can select one of the following items:
All Objects - select if you want to allow the selected users or groups to
create users in any AD domain managed by the Adaxes service.
- Specific Domain - select a specific AD domain if you want to allow the selected users or groups to create users in any location of the AD domain you specify. When selected, you will need to specify the assignment scope in the Assignment Options dialog.
- OU or Container - select a specific organizational unit or container if you want to allow the specified users or groups to create users in the selected OU or container. Once selected, you will need to specify the assignment scope in the Assignment Options dialog.
Select the object you need and click Add. When finished, click OK.
When specified, your assignment will be displayed in the Assignments list. Click Finish.