What is site-based delegation and how to use it for effective AD management?

Organizations can have multiple domain controllers (DCs) for various reasons, such as load balancing and offering a smooth experience for their Active Directory users. When there are multiple DCs, a specific DC, which usually handles a major chunk of the load, has to be up to date at all times. One way to achieve this is to ensure that all changes in AD are performed or authorized only through that specific DC. Specifying the order in which the DCs must be contacted for AD operations can be quite complex using native AD management tools. With ADManager Plus, though, you can easily specify the DCs that must be contacted and also configure the order in which they must be contacted.


Let's suppose you have three domain controllers, DC-1, DC-2 and DC-3, configured for your domain in ADManager Plus, and the usual order of contact is DC-1, DC-2 and then DC-3. If for a particular site you want the product to contact DC-2 first and, in case of failure, DC-3 and then DC-1, you can predefine this order using ADManager Plus. If no DCs are selected for site-based delegation, the changes performed by the help desk technicians will take place in the order of DCs listed under Domain Settings, and then in the other DCs.


How to perform site-based delegation?

  1. Start ADManager Plus.

  2. Click on the Delegation tab.

  3. On the left pane, select Help Desk Technicians and click Site Based Delegation in the bottom right corner.

  4. Select the domain. The left pane has a list of available OUs in the domain and the right pane has a list of configured domain controllers.

  5. Select the OU(s) for which you want to set up site-based delegation. The corresponding domain controllers are listed in the order in which replication takes place. To change the order, select the desired DC and move it to the required position using the arrow keys at the top of the right pane.

  6. Check the Inherit to Child OUs option if you want the same order of domain controllers for the child OU(s) as well.

  7. Once the required order of domain controllers for replication has been set, click Save.
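
To confirm that changes in a delegated OU are actually originating at the DC placed first in the order, you can read AD replication metadata with the ActiveDirectory PowerShell module. This is an added example, not part of ADManager Plus or the original tip; the OU distinguished name, the DC name and the one-day window are placeholder assumptions.

```powershell
# Added example: audit which DC originated recent changes in a delegated OU.
# $SearchBase, $PreferredDC and $Since are placeholders; adjust to your domain.
Import-Module ActiveDirectory

$SearchBase  = 'OU=Branch,DC=example,DC=com'   # OU configured for site-based delegation
$PreferredDC = 'DC-2'                          # DC placed first in the configured order
$Since       = (Get-Date).AddDays(-1)          # audit window

# Objects under the OU (child OUs included) modified inside the window,
# as seen by the preferred DC.
$changed = Get-ADObject -SearchBase $SearchBase -SearchScope Subtree `
    -Server $PreferredDC -Filter 'whenChanged -ge $Since' -Properties whenChanged

$report = foreach ($obj in $changed) {
    # Per-attribute replication metadata records where each change originated.
    Get-ADReplicationAttributeMetadata -Object $obj.DistinguishedName -Server $PreferredDC |
        Where-Object { $_.LastOriginatingChangeTime -ge $Since } |
        ForEach-Object {
            # The identity is the DN of the originating DC's NTDS Settings object:
            #   CN=NTDS Settings,CN=<DC name>,CN=Servers,CN=<site>,CN=Sites,...
            # It can be empty if the originating DC has since been removed.
            $origin = 'unknown'
            if ($_.LastOriginatingChangeDirectoryServerIdentity -match '^CN=NTDS Settings,CN=([^,]+),') {
                $origin = $Matches[1]
            }
            [pscustomobject]@{
                Object      = $obj.DistinguishedName
                Attribute   = $_.AttributeName
                ChangedAt   = $_.LastOriginatingChangeTime
                OriginDC    = $origin
                AtPreferred = ($origin -eq $PreferredDC)
            }
        }
}

# Changes that did not originate at the preferred DC: expected after a
# failover to the next DC in the order, otherwise worth reviewing.
$report | Where-Object { -not $_.AtPreferred } |
    Sort-Object ChangedAt |
    Format-Table Object, Attribute, ChangedAt, OriginDC -AutoSize
```

Rows in the output can also come from changes made outside ADManager Plus, so compare them against the product's technician audit reports before drawing conclusions.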


Tune in next week for another quick tip for better identity and access management!


Team ADManager Plus.