No announcement yet.

Deligating a user with reset password credentials

  • Filter
  • Time
  • Show
Clear All
new posts

  • Deligating a user with reset password credentials

    Hi all,
    I was assigned with a task to delegate a cretin user in the AD to credentials to reset passwords and unlock accounts of other user, which group should I add this user too?

    And in addition, is there anyway I can give the user credentials to access any folder on the domain without giving him Domain Admin administrative rights?

    Thanks to all.

  • #2
    Re: Deligating a user with reset password credentials

    1. That user is your customer, not a "cretin". Show him some respect because without him you don't have a job.

    2. To delegate authority to reset passwords, put all the users whose passwords he should be able to reset into a single OU, right-click the OU and run the Delegation of Authority Wizard.

    3. Create a group called something sensible like "Full File Access" and grant it "Full Control" permission over all volumes; this will propagate to folders, subfolders and files. Be aware that if inheritance is blocked anywhere that these permissions will not propagate - so good records of where inheritance is blocked are essential.

    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you


    • #3
      Re: Deligating a user with reset password credentials

      thanks, ill give it a try, and btw, that user is a certin user, not a customer, its a test user for a project nothing more.


      • #4
        Re: Deligating a user with reset password credentials

        I think we have some confusion here:

        jj516, in your original post, did you mean a "certain" user, as in one particular user and not everyone?

        "cretin" has a very different meaning, generally applied to people of very limited intelligence. It is the sort of thing that SysAdmins DO sometimes say about users, after a bad day, but very quietly and not in a public environment!

        Now lets get back on topic -- follow Stonelaughters advice about the delegation wizard and you should have no problems

        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: Deligating a user with reset password credentials

          the delegation wizard option certainly works but if you want to narrow down the permissions further:

          You can also create a group "Unlock and Reset Accounts"
          Go to the properties of the OU - security - advanced tab

          Add in the group and edit it. here you can select more granular permissions.

          On the object tab - apply to 'user objects' and theres one in there to reset passwords. The one to unlock accounts is on the 'properties' tab and I think its called "write lockout time"

          google will give you the exact permissions.


          • #6
            Re: Deligating a user with reset password credentials

            Thank you all for your replays, i'm sorry it took me forever to answer, i was away on vacation, both methods worked. and regarding Ossian - i ment certain, sorry, it was a misstype by me.