Wednesday, May 12, 2010

Active Directory Extended Rights

Active Directory is the central repository of domain user accounts, security groups and other vital IT components such as group policies and domain data.

While Active Directory has a simple securty model that uses basic simple permissions for controlling most administrative tasks, certain tasks require additional checking for security reasons.

For this reason, there exist special purpose rights in Active Directory, referred to as Extended Rights that allow IT administrators to easily control and delegate the ability to perform these special operations.

There are over 60 extended rights and their knowledge is useful and critical to maintaining security and delegating control in a secure manner. In this blog we will look at these extended rights and try to demystify them for you.