Blog Of Directory Service
  • ···
  • Home
  • ···
  • ···
  • About Me
  • ···
  • ···
  • Contact Me
  • ···
  • ···
LinkedInTechNet
Post Page
Home/Blog/Post/

Manipulate delegation wizard in Active Directory

  • Post On 2014-10-22

Ever wanted to add your custom attribute to Delegation Wizard feature of Active Directory? Then you came to the right place. Sometime it can happen that default attributes of ‘Delegation Wizard’ are not just enough for you and you would like to add more options to it. In order to do that, you have to edit delegwiz.inf file which you can simply find it on a Domain Controller.

Ever wanted to add your custom attribute to Delegation Wizard feature of Active Directory? Then you came to the right place. Sometime it can happen that default attributes of ‘Delegation Wizard’ are not just enough for you and you would like to add more options to it. In order to do that, you have to edit delegwiz.inf file which you can simply find it on a Domain Controller.

As you open the delegwiz.inf you will notice that there are nearly 13-14 predefined templates. Each of these templates is a task in delegation wizard. If you want to have a new task in default tasks of delegation wizard, you have to inject a new template to it.

Now we are going to insert a new task in default tasks of delegation wizard. In this tutorial we will allow modification of pager attribute. Each task in delegation wizard is pointed to a template in delegwiz.inf. So the very first thing to do is to append a template to the first line.

Templates = template1, template2, template3, template4

Now copy and paste the code below to the end of the file:

;---------------------------------------------------------

[template4]

AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Create, Delete, and Manage Pager Attributes"

ObjectTypes = user

[template14.user]

pager=CC,DC

;----------------------------------------------------------

In the very last line you have to assign permissions to the attribute. Create Child (CC) and Delete Child (DC) is the most common permissions, though you can use Read Property (RP), Write Property (WP) and Full Contrll (GA).

Done! There is only one more step to do and that is saving the file and overwriting to the original location. But it is not possible! You cannot simply copy and paste the file to %systemroot%/System32 folder because you do not have the required permissions. Just change the owner to the administrator from TrustedInstaller and assign full control permissions and then you can overwrite it.

You can open delegation wizard and verify that the new template has been added!

undefined

Active Directory
  • (0)
  • (36)
Mahdi Tehrani

info@mahditehrani.ir

Leave a comment
Comments
Search
Categories
Concepts (4)
Group Policy (1)
Active Directory (13)
PowerShell (2)
Latest Posts

Why NTDS size is different on different Domain Controllers?

  • Post On 2018-05-28

Limit Active Directory user login to 1 session

  • Post On 2017-08-24

Protect your domain against WannaCry malware

  • Post On 2017-05-23

The auditor of auditors: 'LepideAuditor Suite'

  • Post On 2017-05-23

‘List Object Mode’ in Active Directory, a myth or future settings?

  • Post On 2017-04-23

Fix Group Policy error 1058

  • Post On 2016-04-22

Bulk change specific permissions for users

  • Post On 2015-04-23

Create Shadow Groups (Dynamic Groups) in Active Directory

  • Post On 2015-03-23

Manipulate delegation wizard in Active Directory

  • Post On 2014-10-22

Am I locked out? Where? How?

  • Post On 2014-10-22
!APP License
Copyright © 2022 TondarNet V1.0.0