The Delegation request type enables a department administrator to modify modify permissions on an organizational unit in a department OU. A department administrator can submit a delegation request to add grant or remove revoke one of the defined permissions sets called delegations which are detailed in the Delegations Available section below. A department administrator can request multiple delegations by submitting multiple requests.
Delegations Available
The following delegations are available via REBA:
...
Delegation Name
...
Object Types
...
Description
...
to an existing group in Active Directory. The supported delegationsare defined on the following page:
Delegation Request String
The request string for a delegation request is a JSON string that contains the following properties:
Delegation Result String
The result string for a delegation request is a JSON string that contains the following properties:
Scripts
The Active Directory team maintains a set of PowerShell scripts at https://github.austin.utexas.edu/eis1-aad/RequestsByAttribute to assist department administrators with this process.
- New-ADDelegationRequest.ps1 - creates a new delegation request for a department
- Remove-ADDelegationRequst.ps1 - remove a pending delegation request for a department