Select the AD Delegation tab and Click the Create Security Role from the quick links. This opens the Create Security Role Wizard.
Click Go to Step1.
Specify a name and description for the role and click Go to Step2.
The most common Active Directory objects are displayed in the combo box. You also have an option to include more objects to this combo box by clicking the Edit link. Select the required Active Directory object to view its security permissions.
The available permissions for the selected object are displayed. Select the appropriate permissions that you wish to apply. You also have an option to search the permissions list to choose the required permissions.
Select the appropriate option to specify the objects for applying the permissions. You can choose from the following options:
This object only: This means during delegation, the role will only be applied to the selected target container.
This object and all child objects: This means during delegation, the role will be applied to the selected target container and all its child objects.
Child object only: This means during delegation, the role will be applied to all the child objects of the selected target container.
Specific object: This can be any specific AD object, such as Computer object, Container object, Domain object, etc. Selecting this option will apply the role to all of these objects in the selected target container, during delegation.
Click Allow or Deny to add it to the selected permissions list.
After adding all the required permissions, click Finish to view the summary of the role defined.
Click Save Role to save and quit the wizard.
Note:Creating a security role will not grant or revoke permissions to the users. Only when the role is applied/delegated to the users, the permissions defined in the role are granted/revoked.