AD Administration


Chris

I remember in NT 4.0 you could create a group that had
only rights to unlock or reset a user's password in the
user administration screen. Is there the same kind of
program or permissions in Windows 2000 AD? I am finding
that the support center is creating user accounts without
prior authorization when they are only supposed to be
using it for locked accounts or password changes.
 

Matjaz Ladava [MVP]

Look into the Delegation of Control task in AD. In AD you can delegate to a
particular user or group permission to do various tasks. You do this at
the OU level, by right-clicking on the OU and selecting Delegate Control. Of
course you have to organize your AD structure into Organizational Units (OU)
to reflect your AD administration and organization structure.

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)
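
A scripted equivalent of the OU-level delegation described in the reply, followed by a check of who can still create user objects in that OU. This is an added example, not part of the original thread. The OU path and group name are constructed placeholders, and the audit step assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Constructed values: replace with your own OU and support-center group.
$ou    = 'OU=Staff,DC=example,DC=com'
$group = 'EXAMPLE\HelpDesk'

# Grant only what the support center needs. /I:S applies the entries to
# child objects, and the trailing "user" limits them to user objects.
$grants = @(
    "${group}:CA;Reset Password;user",   # extended right: reset a password
    "${group}:RPWP;lockoutTime;user",    # read/write lockoutTime: unlock an account
    "${group}:RPWP;pwdLastSet;user"      # read/write pwdLastSet: force change at next logon
)
foreach ($g in $grants) {
    & dsacls.exe $ou /I:S /G $g | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for: $g" }
}

# Audit: list every principal that is still allowed to create user objects
# in this OU, whether through this delegation or an older, broader grant.
Import-Module ActiveDirectory
$userClass = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of class "user"
$create    = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild

(Get-Acl -Path "AD:\$ou").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $create) -and
        ($_.ObjectType -eq [guid]::Empty -or $_.ObjectType -eq $userClass)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited |
    Sort-Object IdentityReference -Unique
```

If a group the support staff belong to appears in the audit output, the new delegation alone will not stop account creation; that membership or access entry has to be removed as well.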
 
