No announcement yet.

Reset Ex-Domain Admin Password

  • Filter
  • Time
  • Show
Clear All
new posts

  • Reset Ex-Domain Admin Password

    Hi, i have a helpdesk group which are members of the account operators and can reset passwords along the Main OU with no problems.
    But for some reason they can't reset certain user passwords.
    I made some tests and i think that if those users were Domain Admins for some reason and then we removed them from the Domain Admins Group, they still can't reset their passwords.
    Is this a normal issue?
    How can i give them rights to reset all user passwords along the domain?

  • #2
    Re: Reset Ex-Domain Admin Password

    Are the "Previous" Domain Admins in any other groups?

    Account operators cannot change any admin passwords or anyone in the account operator group.

    Depending on the actual goal: You could remove all groups from the old "Domain Admin" down to domain user and then try.

    Let us know.



    • #3
      Re: Reset Ex-Domain Admin Password

      Hi, thanks for your reply.
      I removed all the other user groups from this user.
      The user only belongs to the Domain Users group, but i still can't reset his password.


      • #4
        Re: Reset Ex-Domain Admin Password

        Can you provide some more information?

        Which OU is the person apart of?

        By default, Account Operators have
        permission to create, modify, and delete accounts for users, groups, and
        computers in all containers and organizational units (OUs) of Active
        Directory except the Builtin container and the Domain Controllers OU.

        What is the exact error? Is the optioon unavailble, gives error, etc.



        • #5
          Re: Reset Ex-Domain Admin Password

          Take a look at the Security Tab for these specific users. Make sure that the appropriate groups that were previously delegated permissions (such as Account OPerators) are still listed in the Access Control List (ACL). If needed, you may need to re-enable "Inherit Permissions from Parent..."
          JM @ IT Training & Consulting


          • #6
            Re: Reset Ex-Domain Admin Password

            Hi, you guys were right.
            If i checked the permissions of one of those users the Accounts Operators group was gone.
            It make sense that if you are a Domain Admin these group is removed but once you are not longer a Domain Admin i guess it doesn't get re-added by default.
            Anywa i added the group again and all looks good.
            Thanks for the help.