How to Delegate the Administration of Subnets in Active Directory

Having an up-to-date list of AD subnets and their sites is a requirement to locate the closest Domain Controller using DC Locator process. Following the evolution of a company network and its subnets is usually a challenge and a difficult task for an AD administrator. Because of that, it might become a requirement to delegate this task to Network Engineers.

This Wiki article shows how to proceed in order to delegate the administration of Subnets in Active Directory. All you need to do is to use the following procedure:

• Open Active Directory Sites and Services (dssite.msc) administrative tool, do a right-click on Subnets and then click on Properties

 

• Go to Security tab and the click on Advanced

• Click on Add…

• Select the target user / group and then click OK

• Under Object tab, make sure that This object and all descendant objects is selected as Name, select Create Subnet objects and Delete Subnet objects permissions then click on OK

• Go to Properties tab, select Read all properties and Write all properties permissions then click on OK