Finally got a task, “Adding a Custom MMC for a group of users to manage things”
I’d like to give a group access to add contacts to a specific OU in ou Active Directory. I’d like to give them a custom MMC that would only display the specific OU they could add contacts.
The steps to accomplish the same
Click ‘Start’ > ‘Run’ > type ‘MMC’ > Add the Active Directory Users and
Right click the OU that the group need to add contacts to.
Choose ‘New Windows from here’
Console menu > ‘Save As’.
That should then allow you to save a .msc file… a console that will load
and display the container that you originally selected. The .msc file can
been sent out to the group that need to add contacts
Another trick that can be followed is to do a filter so that if you want to say allow users to manage a specific group.
I found the same nicely documented at
Open your Run command and type “mmc” and click “OK”
An mmc (Microsoft Management Console) will open.
Click File -> “Add/Remove Snap-in…”
A dialog will open. Click the “Add” button.
From the available list choose “Active Directory Users and Computers”.
NOTE: If you don’t have ADUC installed on the computer you are building this on it will not show up in the list.
Click on “View -> Filter Options…”
Click the radio button “Create custom filter:” Then click on “Customize”.
From the filter options window click on “Field” then choose “Group -> Name”
Now type in the name of the group you want to see in the list then click “Add”
Once you see your filter query in the bottom box click “OK”.
Now you should see the group show up in your custom mmc. There should be no other groups there.
NOTE: In the filter you can just type the first few characters and get several groups to show up or you can add several queries for multiple groups.
Now click on “View -> Customize…”
Uncheck everything except for “Status bar”.
Now click on “File ->Save As…”
Name the MMC something relevant to your application and save it somewhere you can find it.
That’s it! You have created a custom MMC and you can copy it to any workstation and when you user opens it up they will be able to manage the security group without bothering you. Sweet!