Manipulate delegation wizard in Active Directory

Ever wanted to add your custom attribute to Delegation Wizard feature of Active Directory? Then you came to the right place. Sometime it can happen that default attributes of ‘Delegation Wizard’ are not just enough for you and you would like to add more options to it. In order to do that, you have to edit delegwiz.inf file which you can simply find it on a Domain Controller.

As you open the delegwiz.inf you will notice that there are nearly 13-14 predefined templates. Each of these templates is a task in delegation wizard. If you want to have a new task in default tasks of delegation wizard, you have to inject a new template to it.

Now we are going to insert a new task in default tasks of delegation wizard. In this tutorial we will allow modification of pager attribute. Each task in delegation wizard is pointed to a template in delegwiz.inf. So the very first thing to do is to append a template to the first line.

Templates = template1, template2, template3, template4

Now copy and paste the code below to the end of the file:




Description = "Create, Delete, and Manage Pager Attributes"

ObjectTypes = user




In the very last line you have to assign permissions to the attribute. Create Child (CC) and Delete Child (DC) is the most common permissions, though you can use Read Property (RP), Write Property (WP) and Full Contrll (GA).

Done! There is only one more step to do and that is saving the file and overwriting to the original location. But it is not possible! You cannot simply copy and paste the file to %systemroot%/System32 folder because you do not have the required permissions. Just change the owner to the administrator from TrustedInstaller and assign full control permissions and then you can overwrite it.

You can open delegation wizard and verify that the new template has been added!