Delegate Control of an OU

How do I delegate control for an OU so that members of a group that has been delegated control can move computer objects from one OU to another?
I can delegate control for users and groups, but can't seem to be able to delegate control of computers in a way that allows me to give admins rights to move them from OU to OU.
System is Windows Server 2008 Active Directory.
paddy ryan

Hi,
You can use the following steps to grant a group to control the two OUs. Then, members in this group could move computer objects between these two OUs.
1. In ADUC, right click the first OU and select Delegate Control.
2. Add the group you want.
3. Select the "Create a custom task to delegate" option and click Next.
4. Select "Only the following objects in the folder".
5. Check the box before "Computer objects" in the list.
6. Check the box before "Create selected objects in this folder" and "Delete selected objects in this folder". Click Next.
7. Check the box for "Write".
8. Click Next and Finish.
9. Perform the same steps on another OU.
After that, members in the group could move computer objects between these two OUs.
If anything is unclear, please let me know.
Regards,
Bruce
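
The wizard steps above can also be applied and reviewed from the command line. This is an added example, not part of the original thread: it uses dsacls.exe to grant the equivalent rights on both OUs and then lists the resulting entries for the group. The group name and OU distinguished names are hypothetical placeholders, and mapping the wizard's "Write" check box to GW is an assumption to confirm against the listed output.

```powershell
# Added example. $Group and $OUs are hypothetical placeholders; replace them.
$Group = 'CONTOSO\Computer-Movers'
$OUs   = @(
    'OU=Branch-A,DC=contoso,DC=com',
    'OU=Branch-B,DC=contoso,DC=com'
)

function Grant-ComputerMoveRights {
    param([string]$OU, [string]$Trustee)

    # Wizard steps 4-6: create and delete child objects of class "computer" only.
    # /I:T applies the entry to this OU and the containers below it.
    & dsacls.exe $OU /I:T /G "${Trustee}:CCDC;computer" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls returned $LASTEXITCODE (CCDC) on $OU" }

    # Wizard step 7: "Write" on computer objects below the OU (assumed to map to GW).
    # /I:S applies to descendant objects only; the trailing "computer" limits
    # inheritance to computer objects, so users and groups are not affected.
    & dsacls.exe $OU /I:S /G "${Trustee}:GW;;computer" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls returned $LASTEXITCODE (GW) on $OU" }
}

function Get-DelegatedEntries {
    param([string]$OU, [string]$Trustee)

    # dsacls with only a DN prints the ACL; keep the lines that name the trustee.
    & dsacls.exe $OU |
        Select-String -SimpleMatch $Trustee |
        ForEach-Object { $_.Line.Trim() }
}

foreach ($ou in $OUs) {
    Grant-ComputerMoveRights -OU $ou -Trustee $Group
    "--- $ou"
    Get-DelegatedEntries -OU $ou -Trustee $Group
}
```

Both OUs need the same entries because a move deletes the object from the source OU and creates it in the target. Reviewing the listed entries shows whether the group holds anything wider than rights on computer objects.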

Similar Messages

  • Issue in custom delegate control

    Hi,
    I am creating a custom delegate control with controlid="AdditionalPageHead". I deployed and activated it as a site collection feature,
    but I am not sure how to see the activated control / how to see this control in action.
    Below is my code:
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Administration;
    using Microsoft.SharePoint.Utilities;
    using Microsoft.SharePoint.Diagnostics;
    namespace OPUserDispName
    {
        public class EcmaScriptDelegateControl : WebControl
        {
            protected override void OnLoad(EventArgs e)
            {
                base.OnLoad(e);
                // Register a test alert so the control is visible when it loads.
                string helloAlert = "alert('Hello, world!');";
                this.Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "popup", helloAlert, true);
                // if (!HttpContext.Current.User.Identity.IsAuthenticated)
                //     return;
                // SPUser user = SPContext.Current.Web.EnsureUser("i:0#.f|OPMembership|OPAdmin");
                // user.Name = "OPAdmin";
                // user.Update();
            }
        }
    }
    In the elements.xml file of my module:
    <?xml version="1.0" encoding="utf-8"?>
    <Elements xmlns="http://schemas.microsoft.com/sharepoint/">
        <Control Id="AdditionalPageHead" ControlAssembly="OPUserDispName, Version=1.0.0.0, Culture=neutral, PublicKeyToken=467af93481413beb" ControlClass="OPUserDispName.EcmaScriptDelegateControl"></Control>
    </Elements>
    Here I want to see the alert when the feature is activated or the page load happens.
    May I know how to see this working? As per the current scenario, I am unable to see any output even after feature activation.
    Do I need to do any settings in the master page? Do I need to perform any changes in web.config?
    Help is appreciated!

    This has the complete solution.
    http://www.codeproject.com/Articles/113704/SharePoint-Master-Page-Customizations-Through
    Can you try RegisterStartupScript instead of RegisterClientScriptBlock?
    Bala

  • Delegate Control in the masterpage viewable in a single web page?

    Hi,
    I am working on an emergency banner that will appear across all site collections' root website of a SharePoint Web Application using delegate control on the masterpage and user control on a feature. I was wondering if there is a way to restrict the delegate/user control to activate only on a single webpage of a website.
    For example:
    I want the emergency banner to appear on the welcome page (e.g. http://mywebapp.com/sites/SiteA/Pages/default.aspx), but not in Site Settings/Contents (e.g. http://mywebapp.com/sites/SiteA/_layouts/15/viewlsts.aspx).
    Any help is greatly appreciated.

    ok, then try only second part: create feature of Web scope with Control element and activate it only on particular sites. Did you try it?
    Another option is to change logic of control itself: e.g. it may check some value in property bag of current SPWeb (e.g. ShowControl = true), and if it contains this flag, control will be rendered, if not just set this.IsVisible = false. I.e. you will be able to control on what sites to show the control via property bag.
    Blog - http://sadomovalex.blogspot.com
    Dynamic CAML queries via C# - http://camlex.codeplex.com

  • Question about Delegate Control to Desktop Support

    I am working on delegating control to a newly formed/reclassified position in my company. This role will primarily provide Desktop Support. They will have little to no need to log into servers.
    I have already given them admin rights to the end users' machines; now I just need to grant them the proper rights in ADUC/Exchange so they can properly perform their role.
    Here is what they will need to do:
    User account lifecycle management (Create, change, delete, change password, etc)
    Computer account lifecycle management (Create, change, delete)
    Security & Distribution Group membership management (Create, change, delete)
    Exchange mailbox creation (Exchange Recipient Administrators)
    Run RSOP for GPO
    Basically, I want them to have full control over user, computer and group objects. This way they can create users, change group memberships,  add computers to domain, delete computer objects, etc.
    The problem I am having: I am not sure what rights I need to grant them via the delegate control wizard to accomplish all of that. I know I could just grant them "Full Control" of the OU structure containing all of our user, computer and group objects, but would like to avoid that unless it's really what I need to do in the end.
    Any assistance would be appreciated!
    Thanks!

    I would not recommend providing Full control over user, computer and group objects. Provide permission based on the tasks that they need to perform. The following articles should help you:
    User/computer/Add remove members to Groups Delegation
    http://kpytko.pl/2012/05/16/active-directory-rights-delegation-overview/
    http://kpytko.pl/2012/05/26/active-directory-rights-delegation-part-2/
    http://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions.aspx
    Exchange Mailbox Delegation :
    http://blogs.technet.com/b/matabra/archive/2011/09/16/how-to-create-a-custom-recipient-management-group-using-exchange-2010-rbac.aspx
    Run RSOP for GPO Delegation:
    http://technet.microsoft.com/en-us/library/cc758756(v=ws.10).aspx

  • Delegate Control on OU for Non-Admins

    Hello. I have an OU for a remote office. There is a local IT person who is able to join computers to the domain and manage the OU. I created a security group and this person is in this group. I have given the delegate control permission to this group and everything is working fine. The IT person can join computers to the domain and do other things in the OU. The issue is that a new IT person has joined the team in that remote office and he needs the same rights. I added him to the security group but for some reason he cannot join computers to the domain. He gets an access denied error. What am I missing??
    Asif Shah

    In addition check the user membership in other groups. Maybe he has Deny access somewhere in the domain.
    Mahdi Tehrani | www.mahditehrani.ir

  • Delegate Control - Add/Remove Computers

    We are looking at a way to delegate control to our client services group so that they can add and remove computers from the domain. I am not seeing this in the available options. We'll be applying this to certain OU's within the domain to ensure they cannot remove critical server accidentally such as a DC. Ideas or links are appreciated.
    Thanks!

    These articles cover delegating these rights to users. In general delegating these rights creates issues because the user that created the object is given full control, and therefore they can do things other users can't. Moving an object requires special rights in the source and target OU, while managing all computers in multiple OUs requires additional rights.
    How to allow specific users to add workstations to the domain
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20specific%20users%20to%20add%20workstations%20to%20the%20domain.aspx
    How to overcome issues related to specific users adding workstations to the domain
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20overcome%20issues%20related%20to%20specific%20users%20adding%20workstations%20to%20the%20domain.aspx
    How to allow users to fully manage Computer objects in an OU
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20users%20to%20fully%20manage%20Computer%20objects%20in%20an%20OU.aspx
    How to allow users to move computer objects between OUs
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20users%20to%20move%20computer%20objects%20between%20OUs.aspx

  • Delegate Control (AdditionalPageHead) rendering...but when?

    Hi,
    can someone tell when a Delegate Control (AdditionalPageHead) is rendering?

    It renders in the Initialization Page Lifecycle event.
    In the v4.master page, in the additional head place holder, there is a delegate control, literally SharePoint:Delegatecontrol... etc. defined in the markup. It has an ID of AdditionalPageHead.
    When the delegate control loads in the Initialization lifecycle event, it goes through the Features folder in the 14 hive and looks for Element.xml files that define <Control.. nodes.
    If the control node's ControlID is set to AdditionalPageHead, the delegate caches them, and then initializes the control the Control node references in the order of their Sequence. The control node with the lowest Sequence gets initialized first.
    Any control loaded via that delegate control should be available in a child control's CreateChildControls method, assuming you did base.CreateChildControls() first. Any script output in an ascx control loaded by that delegate control should render in the page head of a page at the end of the page head. The delegate control is declared after the ootb sharepoint script and css includes, so anything you deploy to that delegate control should have all the ootb javascript available and you can use ExecuteOrDelayUntilScriptLoaded to wait for a sharepoint java api to finish loading (they load dynamically).
    Additionally, if you need a control to load in a delegate control someplace else, you can edit the master page for a site and add your own delegate control place holder.
    My Blog: http://www.thesug.org/Blogs/ryan_mann1/default.aspx Website: Under Construction

  • Delegate control, how can I find out which one is being used?

    I am working with some mysites customizations and came across a delegate control. How can I tell which control SharePoint is currently pointing this delegate control to?  If someone already swapped it out, how would I know?
    <SharePoint:DelegateControl runat="server" ControlId="ColleaguesLink1" Scope="Farm" />
    What does ColleaguesLink1 currently point to?  What did it originally point to?

    This blog post may get you started (same applies to SharePoint 2010):
    http://usingsystem.wordpress.com/2008/04/11/sharepoint-delegatecontrol/
    I hope this helps,
    Regards,
    Yuri Lausberg, MCP, MCAD, MCSD, MCTS, MCPD

  • Setting up BitLocker missing delegate control setting

    Hi,
    I am setting up BitLocker in our AD. I checked the schema using ADSI edit and it looks as if the schema is already extended.
    I find:
    CN=ms-FVE-KeyPackage
    CN=ms-FVE-RecoveryGuid
    CN=ms-FVE-RecoveryInformation
    CN=ms-FVE-RecoveryPassword
    CN=ms-FVE-VolumeGuid
    CN=ms-TPM-OwnerInformation
    So, now I want to delegate permissions in AD on the workstations OU for the SELF account.
    In the delegate wizard I can only find Write msTPM-OwnerInformation.
    On the technet page jj592683 ("Prepare your organization for BitLocker:..." "Applies To: Windows 8, Windows 8.1"), it refers to both Write msTPM-OwnerInformation and Write msTPM-TpmInformationForComputer.
    However in the delegate wizard I cannot find Write msTPM-TpmInformationForComputer.
    What is missing?
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights

    "msTPM-TpmInformationForComputer" comes with Windows Server 2012 schema extensions and later: http://msdn.microsoft.com/en-us/library/hh554139.aspx
    The other attributes listed all came with Windows Vista/Windows Server 2008. Have you extended your schema for Windows Server 2012 or Windows Server 2012 R2?
    dsquery * cn=schema,cn=configuration,dc=domainname,dc=com -scope base -attr objectVersion
    You need at least schema version 56.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • Delegate Control Restrictions...

    Good Morning,
    I'm trying to give Delegation of Control to a Group for a certain OU. Basically give them "Create Users" privileges but prevent them from adding specific user groups like Domain Admins or Enterprise Admins. I would appreciate any instruction on how to achieve this.
    Thanks,
    cc

    In addition, once you've delegated the group, you can create a custom ADUC for those folks, if you like. I created a TechNet Wiki on this. I hope it helps:
    After Delegating Permissions for an Organizational Unit (OU) in Active Directory Users and Computers (ADUC), Create a Custom MMC or Custom RSAT
    http://social.technet.microsoft.com/wiki/contents/articles/26536.after-delegating-permissions-for-an-organizational-unit-ou-in-active-directory-users-and-computers-aduc-create-a-custom-mmc-or-custom-rsat.aspx
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • Delegate control question

    I need help delegating control in order to modify the e-mail field of a user's properties. When a user doesn't have access, the field is grayed out and they are unable to highlight it. I tried Read/Write, but that doesn't seem to do anything. I went Advanced and didn't see anything specific that could trigger it. Anyone have any ideas?

    It's a hidden attribute. You could use a third party LDAP reader to easily expose it, such as freeware Apache Directory Studio. You can simply right-click in the attribute list, and add it, and it will show up.
    We use it in a 27k Office 365 mailbox environment and once in awhile pulling up hidden attributes on the fly. Works like a charm.
    http://directory.apache.org/studio/
    Ace Fekay
    I'll give this a shot. Thanks!
    FYI,
    I checked this out in ADSI Edit. If you need to, and if this is just a permission you have to change for one or two folks, you can do it in here.
    Ace Fekay
    I don't see that option at all. I've edited the dssec.dat file in both system32 and syswow64 on the domain controller and restarted ADUC and don't see it.
    I am trying to provide a user group this control and delegating the control to the domain. Does it have to be done on specific OU's?
    Domain functional level is only 2003. Could this be the reason?
    I've tried to mess around with Apache Directory Studio but am lost in where to find this hidden attribute.
    What is needed is to select User Objects and then the property/specific attribute will be there.

  • Creating top navigation using user control

    I want to create a custom user control that will display my own top navigation in my publishing site's master page.  
    I know another option is to use sharepoint's own top navigation and then customize it using CSS etc. but I have tried this thing and can't get my head around it. I mean it seems so difficult and very limited in functionality so I am trying to make top navigation using user control.
    Is there some API that will give me all links in navigation in SharePoint? Like for e.g. SPNavigation which I can call and iterate through all elements including parent or child?  
    What are the drawbacks of making top navigation as user control in master page?
    Will end user be still be able to use Navigation options in SharePoint Administration?

    Hi,
    You can customize global navigation at two levels. You can customise the display (how the menu is rendered) but utilize out-of-the-box navigation providers. It'll work if you just want to modify the way navigation is rendered. You can use delegate control to replace sharepoint control with your own custom user control. In the user control you can access navigation data using SPNavigationProvider(s). However, if you want to customize navigation data - for example, you want to apply some custom logic to show/hide some navigation link - you need to write your own custom navigation providers.
    What I've found, for static menu, managed metadata based navigation will suffice for most of the scenarios - so you don't need to customize the navigation. However for dynamic navigation, you need to write your own navigation control and provider. Reference:
    http://blogs.msdn.com/b/gauravbadhan/archive/2013/04/02/creating-a-custom-navigation-for-sharepoint-2010.aspx.
    Thanks,
    Sohel Rana
    http://ranaictiu-technicalblog.blogspot.com

  • Prime Infrastructure delegate specific config changes - wireless controller

    Hello,
    I have a customer that would like to delegate control for two items on a WLC to a sub-group within their organization.  They'd like to allow this group to change the PSK on a specific WLAN on their WLC 5508 and also add/remove/change mac addresses from the Mac Filter list whenever necessary. 
    They'd like to restrict the group to only be able to make these two specific changes and not be able to change anything else on the controller.  Is there a way in PI to restrict this group so that they can only make these changes? 
    I can see that in 2.0 I can require job approval which may work as some part of the restriction. 
    Any thoughts/ideas/help?

    Add a new group (choose one of the user defined groups). Mark the options you want to have (network configuration).
    Posted by WebUser Erik Boss from Cisco Support Community App

  • How to apply security trimming control on Site Action (Gear) in SharePoint 2013?

    I want to apply security trimming control on Site Action (Gear) & change the position of the welcome control, but I am not able to find Site Action delegate control and welcome control in seattle.html or seattle.master page.
    Can you please let me know how to find Site Action & Welcome control?
    Thanks
    G Goyal

    If you would like to implement security trimming on site action through custom code then the following could help you.
    In your Visual Studio project create a class which implements System.Web.UI.WebControls.WebControl. In the CreateChildControls method you could get the FeatureMenuTemplate control which is SharePoint's WelcomeMenuTemplate.
    After creating the control, you could add it as a menu item into your site action menu using a customaction xml.
    You could get the child controls from this and can remove them as required.
    Note: using this approach, if you have User profile service running then it will not remove the "About Me" link. But if you have forms authentication enabled then you could change your logic to remove this link.
    Hope I have contributed to your issue.

  • User control to masterpage in sitedefintion

    Hi,
    I would like to add a usercontrol to my masterpage present in solution which has the site definition. The links on internet show only about creating a basic solution which contains only usercontrol, then signing it and putting safe control attribute and deploying and after that adding it on masterpage in designer. But in my solution, where the usercontrol will be a part of another project in the solution,
    1) how do I go about doing this ?
    2) Is using Modules item a preferred way to deploy this or using mapped control template folder better?

    You can build the user control and add the reference to your master page.
    SP2013:
    Adding a custom usercontrol to masterpage using Design Manager
    also refer these links
    OTB
    Delegate controls and Content Placeholders in SharePoint 2013 Publishing Master Page
    Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.
