Modify admin rights in active directory

new2MSA
new2MSA used Ask the Experts™
on
I want to be able to restrict an administrators rights so that they can only change user passwords. I know how to manually delegate authority in OU's, but there is not option to only allow the ability to change passwords. Is there something I am overlooking or is there another way to do this? Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Open the Properties page of your OU and go to the Security tab. If you can't see the Security Tab, choose Advanced Features from the View menu. Add the group you want to assign the chnage password right to. Highlight that group and click Advanced. On the Permissions tab, highlight the group you just added and click Edit. Beside Apply onto, select User Objects. Make sure the following entries are checked: List Contents, Read All Properties, Read Permission, Change Password, Reset Password. OK your way out.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial