Delegate Permissions on OU

R

RDH

We have added a new domain to our Windows 2000 forest. I
tried to give the help desk from the root domain
premissions to change password and reset accounts. Went
through the delegation wizard and it worked fine - we can
change passwords and reset new accounts but the old
accouts that were already defined in the User container
failed. When the help desk tries to reset an account for
a user that already existed - they get insufficient
privledges. Works great on accounts that were created
after I ran the delegation wiz. Any ideas on how to force
the permissions on the old accounts?
 
R

Richard Harlan

I figured this out, we ended up burning a call on premier
support but I thought I would post a reply so the next
poor soul wouldn't have to.

These are the KB articles you want to look at.

Minimum Permissions Are Needed for a Delegated
Administrator to Force Password Change at Next Logon
Procedure (296999)

How to Grant Help Desk Personnel the Specific Right to
Unlock Locked User Accounts (279723)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

delegate control over workstations by OU 2
Delegate Control of OU Help Needed 1
OU Permissions 5
Delegation in AD not working 5
Delegation Rights ? 1
Inheritance on user objects with Domain Admin membership 2
AD Design Help..needed.. 3
Give Chnage Password Permissions only 2

Top