Authorizing DHCP Server by a non-enterprise administrator

By default, only a administrator which is member of “Enterprise Admins” group can authorize the DHCP which is installed in domain environment. If the other accounts  would like to authorize the DHCP server which is a member server in child domain, you may get “Access is denied“.

 

To solve this problem, I try to grant the permission for child domain administrator.

 

1. At the forest root domain controller, log in as Domain Administrator.

2. Launch “Active Directory Sites and Services“.

3. On the menu, click “View > Show Services Mode.

 

4. Expand “Services > NetServices“.

5. Right-click “NetServices“, select “Delegate Control“.

 

6. On “Delegation of Control Wizard” screen, click “Next“.

7. On “Users or Groups” screen, add an user or group which you want to grant permission for authorizing DHCP servers to.

 

8. Click “Next“.

9. On “Tasks to Delegate” screen, select “Create a custom task to delegate“.

 

10. Click “Next“.

11. On “Active Directory Object Type” screen, select “This folder, existing objects in this folder, and creation of new objects in this folder“.

 

12. Click “Next“.

13. On “Permissions” screen, check “Full Control“.

14. Click “Next” .

15. Click “Finish“.

Now, the non-enterprise administrator user account can authorize the DHCP Server which is installed in Child Domain.

Ref: http://terrytlslau.tls1.cc/2011/11/authroizing-dhcp-server-by-child-domain.html

https://technet.microsoft.com/en-us/library/cc786474(WS.10).aspx