Exact Permissions to Change/Reset Pwd

P

PMasters

Hi,

I am working with an application that resets/changes
passwords in Active Directory. Unfortunately all I can
determine is Full Control is the only thing that works. I
have tried to specify, read/write, and Change pwd, and
reset pwd, but to no avail.
Anyone know exact permission in AD to an OU that is
required to reset/set/change say a Post Expired password..

thanks,
pm
 
M

Matjaz Ladava [MVP]

One way to find out what permissions are needed is to use delegate control
wizard on OU and select Reset Password. This will modify security settings
on OU for particular user that you delegated rights to. Examine security
settings and you will see what rights are needed. As I checked, this wizard
does set following rights on User Object:
- Reset Password User Right
- Read pwdLastSet
- Write pwdLastSet

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), MVP
(e-mail address removed)
http://ladava.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Delegated change dial-in permissions 2
Unlock acct permissions 13
DSMOD User -pwd function 3
what is reset account? 10
Help Desk password reset tools 2
Reset Passwords w/o permissions to delete 1
AD Password Reset Tool 1
Allow a domain user to change local permissions on domain machineswithout allowing full rights on do 1

Top