The creation of a "Branch Admin"
By Vern Graner CNE
On occasion, political or technical forces may require you to create an area of your NDS tree that is under the complete control of someone else. In the days of BBSes this was commonly called a "SubOp" (as opposed to a SysOp). In those days, a SysOp would choose a knowledgeable person and delegate the maintenance of an area to them to reduce the overall workload on the sysop or to allow the more motivated person to operate an area of their interest.
As I started my Admin career as a SYSOP (the MUG BBS, 300bps on a C64 circa 1984!) I was familiar with the concept and had used it to my advantage many times. When I was faced with the challenge of delegating authority to faculty members for the school campuses I was responsible for, I decided to explore the concept to see if it was possible to make a "SubOp" for operating an area of the tree. Shown below are the steps to take to create such a user. I refer to them as RoomAdmin's but you could call them Branch Admins.
To implement a Branch Admin
- Make the group in the context you want to admin (RoomAdmin)
- Assign members (users who will administer this context)
- Assign file rights
- SRWCEMFA to SYSHOME\\ROOM#
- A to SYSAPPS (1st component for successful APP object assignment)
- Assign application NWAdmin (Gives NWADmin to Admins)
- Assign Rights To Other Objects (Gives control of objects to SubAdmin)
- Add Assignment
- Choose the OU you are going to control
- Object Rights SBCDR
- Property Rights (A)ll SCRWA
- Assign Rights To Other Objects (2nd componenet for successful APP object assignment)
- Add Assignment
- Choose the OU where APP OBJECTS reside
- Object Rights B
- Property Rights (A)ll CRW
- Assign Rights To Other Objects (Allows subadmin to invoke/remove volume space restrictions)
- Add Assignment
- Choose the OU for the volume where users HOME dirs reside
- Object Rights B
- Property Rights (S)elected Property Volume Space Restrictions CRW
- Go to any Print Servers
- Add group to USERS
- Add group to OPERATORS
- Go to any Print Queues
- Add group to USERS
- Add group to OPERATORS
- Revel in the lifting of administrative weight from your shoulders! :)