My name is Andrei, and I am new to the forum. I have a rather difficult project that I have been assigned, and have been struggling with it, so thought of asking you experts for some help.
My manager was recently asked to furnish an audit report that has the names of all the people in our Help Desk teams who can reset the passwords of all the user accounts in one of the Active Directory domains we manage for one of our customers.
There are about 5000 user accounts in this customerís AD, and because we a managed service provider, and we have our helpdesk teams in India, we have about 300 people in all who belong to various Help Desk teams. However, I know for a fact that not all of these people can reset the passwords of all the accounts in that customerís domain, because although we have a fair amount of delegation, and mostly based on nested group memberships, we do have a fair amount of deny permissions for some of these groups.
The problem is that there are so many permissions, given that there are 5000+ accounts, so I donít know where or how to begin, or what to do to generate this report. To add to that, those deny permissions make it all the more harder.
So my question is Ė How do I generate this report to document who is delegated the ability to reset passwords in this customerís Active Directory?
Thank you for your help.