The Domain Delegation tab on the Change Control pane provides a list of Group Policy administrators who have domain-level access to the archive and indicates the roles of each. Additionally, this tab enables AGPM Administrators (Full Control) to configure domain-level permissions for Editors, Approvers, Reviewers, and other AGPM Administrators. There are two sections on the Domain Delegation tab—configuration of e-mail notification and role-based delegation for Advanced Group Policy Management (AGPM) at the domain level.

Configuration of e-mail notification

The e-mail notification section of this tab identifies the Approvers that will receive notification when operations are pending in AGPM.

Setting Description


The AGPM alias from which notification is sent to Approvers. In an environment with multiple domains, this can be the same alias throughout the environment or a different alias for each domain.


A comma-delimited list of e-mail addresses of Approvers to whom notification is to be sent

SMTP server

The name of the e-mail server, such as

User name

A user with access to the SMTP server


User's password for authentication to the SMTP server

Confirm password

Confirm user's password

Domain-level role-based delegation

The role-based delegation section of this tab displays and enables an AGPM Administrator to delegate allowed, denied, and inherited permissions for each group and user on the domain with access to the archive. An AGPM Administrator can configure domain-wide permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions for each Group Policy administrator.

Button Effect


Add a new entry to the security descriptor. Any users or groups in Active Directory can be added as Group Policy administrators.


Remove the selected Group Policy administrators from the Access Control List.


Display the properties for the selected Group Policy administrators. The properties page is the same one displayed for an object in Active Directory User and Computers.


Open the Access Control List Editor.

Additional considerations

Additional references