G
Guest
I want to delegate the User account management tasks in Active Directory
Domain to Helpdesk agents.
For this activity I am using the builtin group called Account operators but
after adding helpdesk agents User ID into Account operators group he is able
to change the password of all domain admin accounts,delete them,rename etc.In
short he is able to do all activities on domain admin accounts and I want he
should not able to do anything with domain admin accounts but he should
continue to do the delgated task on all othe user accounts.
Even I tried with delegation wizard on main domain tree but still the
results are the same.
Can anybody suggest better method or any schema modifications?
Domain to Helpdesk agents.
For this activity I am using the builtin group called Account operators but
after adding helpdesk agents User ID into Account operators group he is able
to change the password of all domain admin accounts,delete them,rename etc.In
short he is able to do all activities on domain admin accounts and I want he
should not able to do anything with domain admin accounts but he should
continue to do the delgated task on all othe user accounts.
Even I tried with delegation wizard on main domain tree but still the
results are the same.
Can anybody suggest better method or any schema modifications?