ADDS – How-to delegate enable / disable AD account permission

Hi There !

This blog post will drive you through actions required to delegate permissions to user(s) or group(s) the rights to enable / disable a user account in Active Directory.

The following actions are fairly simple but the allow you to control exactly which actions can a group of people do in your organisation.

Select the OU where the delegation will be applied and right click and click on Delegate Control…









This will open the Delegation of Control Wizard, click on Next…

Then you’ll have to select the Group(s) or / and User(s) you want to delegate rights to.




Select Create a custom task to delegate and click Next >







Select Only the following objects in the folder and go straight down to User objects and click Next >







Select both General & Property-specific, scroll down and select Read userAccountControl / Write userAccountControl








Click Next & Finish and your delegation is applied.



David Gaillard

Leave a Reply