No announcement yet.

Delegated rights and AdminSDHolder

  • Filter
  • Time
  • Show
Clear All
new posts

  • Delegated rights and AdminSDHolder

    Guys -

    I want my Service Desk personnel to be able to reset passwords and unlock accounts on "Protected" user objects (Domain Admins, Account Operators etc). I do NOT want them to have the ability to add and remove users from protected groups.

    I have added them to "Account Operators" to give them access to all the "Humble" accounts in the directory, and I have delegated the business groups they belong to the right to reset passwords and read all user info on the "Admin Users" OU.

    The trouble is, AdminSDHolder goes round every hour and resets all the bloody permissions...

    Is there any way around this? What can I do to arrange it the way I said in Para 1?


    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you