Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand

The Active Directory team maintains a set of PowerShell scripts at https://github.austin.utexas.edu/eis1-aad/RequestsByAttribute to assist department administrators with this process. These scripts must be run on a Windows system joined to the Austin Active Directory and the system must have the Active Directory PowerShell module installed.

  • Get-ADRequests.ps1 - displays the pending requests for a department
  • Get-ADResults.ps1 - displays the results of any requests for a department
  • Add-ADDelegationRequest.ps1 - submits a new delegation request for a department
  • Remove-ADDelegationRequst.ps1 - remove a pending delegation request for a department

Request a delegation

  1. Download the scripts in the RequestByAttribute repo to a local directory.
  2. Start a PowerShell session as a department administrator. 

    Info

    Complete the following steps in this PowerShell session unless instructed otherwise


  3. Navigate to the directory where the RequestByAttribute scripts are located.
  4. Run the following commands to request a delegation: 

    Info

    The following example would submit a request to grant the Computer delegation to the EXAMPLE-ComputerAdmins on the OU=Computers,OU=EXAMPLE,OU=Departments,DC=austin,DC=utexas,DC=edu organizational unit. The example must be run by a department administrator in the EXAMPLE department.


    Code Block
    .\Add-ADDelegationRequest.ps1 -Department 'EXAMPLE' -Action 'Grant' -Delegation 'Computer' -Principal 'EXAMPLE-ComputerAdmins' -Path 'OU=Computers,OU=EXAMPLE,OU=Departments,DC=austin,DC=utexas,DC=edu'


  5. Run the following commands to review the pending request: 

    Code Block
    .\Get-ADRequests.ps1 -Department 'EXAMPLE'


  6. Wait until a few minutes after the next hour. 

    Info

    Requests are processed every hour within the first few minutes.


  7. Run the following commands to review the results of the request: 

    Code Block
    .\Get-ADResults.ps1 -Department 'EXAMPLE'


How-To - Request a Delegation via ldapmodify

...