To allow users to create objects in Active Directory, you need to grant them appropriate permissions with the help of Security Roles. In this tutorial, you will learn how to create a Security Role that will grant users the ability to create user accounts in Active Directory.
Launch Adaxes Administration Console, right-click your Adaxes service, point to New and click Security Role.
Enter a name for the new Security Role and click Next.
On the Permissions step, click Add.
In the Operations on child objects section, check the Create Child Objects permission in the Allow column.
To allow creation of user accounts only, click Select object types and select the User object type.
It is a good practice to add the Read permission to all Security Roles. It will ensure that users have the right to view the objects they manage. By default, the rights to view Active Directory objects are granted by built-in Security Role Domain User. It is recommended to add the Read permission because the default rights can be changed.
Click OK. On the Permissions page of the wizard, you will see the permission you have added.
On the Assignments step, click Add to assign the Security Role to users.
Select the users and groups whom you want to assign the permissions to, and click Next.
Select where in Active Directory you want the selected users to be able to create user accounts.
Select the following items:
All Objects - select to allow users to create user accounts in any Organizational Unit in any domain managed by Adaxes.
Specific Domain - select to allow users to create user accounts in any Organizational Unit within a domain.
OU or Container - select to allow users to create user accounts in an Organizational Unit or container.
When done, click Finish to complete the Assign Role wizard.
Click Finish to complete the Create Security Role wizard.