I put user to server operator so he can connect to domain controller ,and manage only one OU. Also i need to enable him so he can administrating remotely.So i add him to remote desktop user group,i put him in remote settings > add user , i add user account so he can connect remotly ,and he still can't. Server is windows 2008 R2 so is there any solution or explanation of this. Thank's

Hiya, First you can select to Delegate Control to a specific OU, rather than granting him a role. Right click the appropriate OU and select Tasks -> Delegate Control. Is it servers or clients he needs to administrate remotely? - If he needs to administrate the servers, he should be in lokal administrators group of the target server(s). This could be done using a GPO.

The user does not need to remote to the domain controller to administer an OU. You can install the Active Directory Adminitration tools (also known as RSAT in Windows 7) to allow him to manage Active Directory. As Jesper said above, you can limit him to managing one OU by right-clicking on the OU and granting him only the access that you want him to have.If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". Rich Prescott | MCITP, MCTS, MCP Blog | Twitter: @Arposh | Powershell Client System Administration tool

Hi, you can use the MMC and add the snap " active directory users and computers" and manage your specific OU because it's not recommended to allow users to access to the DC , or you can use the "Remote Server Administration Tools"Oussama Oueslati | System Engineer | vNext Consulting

OK so about delegation to OU everything is fine,i connect to domain controller because administrator have server operator role,but they don't have permission to log on remotly, so can someway add permission to log in remotly ,about Active Directory Adminitration tools they don't have that much knowledge and that stuff. So my question is how to enable user with server operation group, to log remotely to domain controller?Because they only can log in to domain controller through console but they can't through remote desktop ,and also i add user in remote settings > add user , i add user account so he can connect remotely ,and he still can't , and i add him to remote desktop user group

Hello, to delegate control to other people, helpdesk for example, do NOT make them any kind of administrator. There is no need for this. On the required OU use delegate control wizard and set the only required permissions for the security group that contains that people. Then also install the RSAT tools on the client machines(Windows Vista or higher) or adminpak.msi if lower OS versions and that way they can work without having the need to logon to the DC. More details in: http://blogs.dirteam.com/blogs/jorge/archive/2006/01/05/369.aspxBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

so they gone have XP OS,and am gone install like you said adminpak.msi ,and am gone add them to server operation group,but they still can't install adminpak.msi ,so in which group i need to add them so they can install but only to install. Thank's