You can use Access Templates from the Active Directory container to delegate Active Directory data management tasks and Active Directory service management tasks, such as:
- User and group management
- Management of computer, printer queue, or shared folder objects
- Forest and domain configuration management
This container includes templates that allow for a wide range of administrative tasks and templates that limit access to selected properties of Active Directory objects.
You can use Access Templates from the Azure container to delegate management tasks on containers performing Azure related operations, such as:
- Azure Configuration in hybrid environment
- Azure user management tasks in hybrid environment
- Azure contact management tasks in hybrid environment
- Azure group management tasks in hybrid environment
- Office 365 group management tasks in Azure AD
AD LDS (ADAM)
You can use Access Templates from the AD LDS (ADAM) container to delegate data management tasks on the following object types in Directory Lightweight Directory Services (AD LDS):
- AD LDS Container
- AD LDS Group
- AD LDS Organizational Unit (OU)
- AD LDS User
For instructions on how to view or set permissions on AD LDS objects, refer to the AD LDS Data Management chapter, later in this document.
You can use Access Templates from the Computer Resources container to delegate management tasks on resources that reside on local computers, such as:
- Local users and groups
- Network file shares (shared directories)
- Printers and print jobs
This container includes templates for specific administrative roles, such as Printer Operator or Service Operator, and templates that specify access to selected properties of computer local resources.