Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand

The Active Directory team maintains a set of PowerShell scripts at https://github.austin.utexas.edu/eis1-aad/RequestsByAttribute to assist department administrators with this process. These scripts must be run on a Windows system joined to the Austin Active Directory and the system must have the Active Directory PowerShell module installed.

  • Add-ADDelegationRequest.ps1 - submits a new delegation request for a department
  • Remove-ADDelegationRequst.ps1 - remove a pending delegation request for a department

Request a delegation

  1. Download the scripts in the RequestByAttribute repo to a local directory.
  2. Start a PowerShell session as a department administrator. 

    Info

    Complete the following steps in this PowerShell session unless instructed otherwise


  3. Navigate to the directory where the RequestByAttribute scripts are located.
  4. Run the following commands to request a delegation: 

    Info

    The following example would be run by EXAMPLE-abc123 who is a department administrator in the EXAMPLE department and to submit a request that would to grant the Computer delegation to the EXAMPLE-ComputerAdmins on the OU=Computers,OU=EXAMPLE,OU=Departments,DC=austin,DC=utexas,DC=edu organizational unit. The RequestedFor parameter notes that the example must be run a department administrator is requesting the delegation on behalf of the xyz789 userin the EXAMPLE department.


    Code Block
    .\Add-ADDelegationRequest.ps1 -Department 'EXAMPLE' -Action 'Grant' -Delegation 'Computer' -Principal 'EXAMPLE-ComputerAdmins' -Path 'OU=Computers,OU=EXAMPLE,OU=Departments,DC=austin,DC=utexas,DC=edu' -Principal 'EXAMPLE-ComputerAdmins' -Delegation Computer -RequestedFor xyz789


How-To - Request a Delegation via ldapmodify

...