Delegate Ability to Authorize DHCP Servers to a Non-Enterprise Administrator

Applies To: Windows Server 2008

You can use this procedure to delegate the ability to authorize DHCP servers to a non-enterprise administrator.

Membership in the Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review the details in "Additional considerations" in this topic.

To delegate ability to authorize DHCP servers to a non-enterprise administrator

1. Open Active Directory Sites and Services while logged on as an enterprise administrator.

2. On the View menu, click Show Services Node.

3. In the console tree, click NetServices.

4. On the Action menu, click Delegate Control.

5. In the Delegation of Control Wizard, click Next.

6. On the Users or Groups page, click Add.

7. In the Select Users, Computers, or Groups dialog box, under Enter the object names to select, type the name of the user you want to add to the DHCP Administrators group, and then click OK. To add multiple users in one operation, type user names separated by semicolons, and then click OK. When you finish adding users, click Next.

8. On the Tasks to Delegate page, click Create a custom task to delegate, and then click Next.

9. On the Active Directory Object Type page, under Delegate control of, click This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.

10. On the Permissions page, under Permissions, select the Full Control check box, and then click Next.

    This enables access control rights to the user or group account that you delegated in this procedure so that the user or group can add, modify, or delete new objects of DHCP class type in the NetServices folder.

Additional considerations

To be logged on as an enterprise administrator, you must log on using a member account in the Enterprise Admins group.