Skip to main content


Showing posts from September, 2018

Delegate DHCP Authorization

When delegating DHCP administration to an non Enterprise Administrator, you can use the build in Active Directory group DHCP Administrators to accomplish this task, but authorization of the DHCP server require additional permissons in Active Directory:

The delegation of authorization and unauthorization of DHCP servers is two-fold.
1. Granting permission to create/delete dHCPClass objects.
2. Granting permission to change all properties of the existing dHCPClass objects.

When this is done its is really possible to delegate DHCP administration!

In the following powershell script all the tasks will be done.

Grant-ADPermission -GroupDistinguishedName 'CN=DHCP Authorization,OU=DomainLocal,OU=Groups,OU=a00,OU=01000,DC=coremans,DC=internal' -AdRights "CreateChild", "DeleteChild" -AccessControlType Allow -Inheritance None -ObjectType "Dhcpclass" -InheritedObjectType AllObjects -AdObjectDN 'CN=NetServices,CN=Services,CN=Configuration,DC=coremans,DC=int…