Announcement

Collapse
No announcement yet.

Windows 2008R2 Domain, Account Unlock Tool

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2008R2 Domain, Account Unlock Tool

    What is the best free tool to unlock the user account for the delegated administrators?
    I have delegated account unlock privilege to the Helpdesk members. In a huge enterprise I would like to point them to the particular OU and unlock the user account.

  • #2
    Re: Windows 2008R2 Domain, Account Unlock Tool

    Powershell, dsmod or ADUC.... or am I missing something here?
    Rules of life:
    1. Never do anything that requires thinking after 2:30 PM
    2. Simplicity is godliness
    3. Scale with extreme prejudice


    I occasionally post using a savantphone, so please don't laugh too hard at the typos...

    Comment


    • #3
      Re: Windows 2008R2 Domain, Account Unlock Tool

      can I customize ADUC to always point to a particular OU instead of domain?

      Comment


      • #4
        Re: Windows 2008R2 Domain, Account Unlock Tool

        No. ADUC connects to the forest/domain root, it doesn't connect to an OU. Aee you trying to hide the eest of the directoey structure from your helpdesk staff or something? As long as you have delegated permossions at the OU level it doesn't really matter what they see in ADIC. They will only be able to manipulaye objets in that OU.


        Unless you provide kore detail, I can't help you further than that...
        Rules of life:
        1. Never do anything that requires thinking after 2:30 PM
        2. Simplicity is godliness
        3. Scale with extreme prejudice


        I occasionally post using a savantphone, so please don't laugh too hard at the typos...

        Comment


        • #5
          Re: Windows 2008R2 Domain, Account Unlock Tool

          Originally posted by userPrincipalName View Post
          No. ADUC connects to the forest/domain root, it doesn't connect to an OU. Aee you trying to hide the eest of the directoey structure from your helpdesk staff or something? As long as you have delegated permossions at the OU level it doesn't really matter what they see in ADIC. They will only be able to manipulaye objets in that OU.


          Unless you provide kore detail, I can't help you further than that...
          You can create a custom MMC that will open a specific OU only. To do this follow these instructions:

          1. Click on Start, Run and type MMC then press enter
          2. Click on Add/Remove SnapIn and select ADUC.
          3. Browse to the OU that you wish to open, right click then select New Window From Here.
          4. Save the MMC Console that is opened as OU.msc.
          5. Open to verify that only that OU opens.

          These steps have been tested by me on a Windows 8 Enterprise system. Same process applies for all OS's from memory.

          More info on creating custom MMC's

          http://support.microsoft.com/kb/230263

          Comment


          • #6
            Re: Windows 2008R2 Domain, Account Unlock Tool

            Learn something new evey day!
            Rules of life:
            1. Never do anything that requires thinking after 2:30 PM
            2. Simplicity is godliness
            3. Scale with extreme prejudice


            I occasionally post using a savantphone, so please don't laugh too hard at the typos...

            Comment


            • #7
              Re: Windows 2008R2 Domain, Account Unlock Tool

              Sorry mate I just realised that I quoted you. Was not intentional.

              Comment


              • #8
                Re: Windows 2008R2 Domain, Account Unlock Tool

                Originally posted by wullieb1 View Post
                You can create a custom MMC that will open a specific OU only. To do this follow these instructions:

                1. Click on Start, Run and type MMC then press enter
                2. Click on Add/Remove SnapIn and select ADUC.
                3. Browse to the OU that you wish to open, right click then select New Window From Here.
                4. Save the MMC Console that is opened as OU.msc.
                5. Open to verify that only that OU opens.

                These steps have been tested by me on a Windows 8 Enterprise system. Same process applies for all OS's from memory.

                More info on creating custom MMC's

                http://support.microsoft.com/kb/230263
                I used this method dating back to AD 2003. You can install the RSAT on the workstation and setup the custom console. No need for the user to ever touch the server.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment

                Working...
                X