I want to give some users in our organisation the ability to unlock user accounts.
I have used this knowledge base article as a starter Q294952.
next I have constructed a custom mmc where i am able to unlock a user account through the properties of the user.
until so far everything goes fine!
BUT! in the mmc i have created a button "unlock account" which calls a vbs script that unlocks the account.
this script also works fine, but only when the user has full change rights on the userobject he wants to unlock.
and I have only delegated the unlock-right (lockoutTime). and i don't want to give more then the highly neccesary rights.
the vbs script i have created goes wrong on the userobject.SetInfo
i recieve the error that i dont have access...
does annybody know where i have to set rights so that i am also able to unlock the user account with the vbs script???????????
this is from the eventviewer from the domain controller:
1st event
__________________________
Object Open:
Object Server: DS
Object Type: user
Object Name: CN=Mey\, van der\, M. Miró [Test],OU=Gebruikers,DC=dz
New Handle ID: -
Operation ID: {0,333696797}
Process ID: 304
Primary User Name: DC12$
Primary Domain: DZ
Primary Logon ID: (0x0,0x3E7)
Client User Name: huizengou
Client Domain: DZ
Client Logon ID: (0x0,0x13E3CF00)
Accesses Write Property
Privileges -
Properties:
---
Account Restrictions
userAccountControl
2nd event
__________________________
Object Open:
Object Server: DS
Object Type: user
Object Name: CN=Mey\, van der\, M. Miró [Test],OU=Gebruikers,DC=dz
New Handle ID: -
Operation ID: {0,333696798}
Process ID: 304
Primary User Name: DC12$
Primary Domain: DZ
Primary Logon ID: (0x0,0x3E7)
Client User Name: huizengou
Client Domain: DZ
Client Logon ID: (0x0,0x13E3CF00)
Accesses Write Self
Privileges -
Properties:
---
Account Restrictions
userAccountControl
I have used this knowledge base article as a starter Q294952.
next I have constructed a custom mmc where i am able to unlock a user account through the properties of the user.
until so far everything goes fine!
BUT! in the mmc i have created a button "unlock account" which calls a vbs script that unlocks the account.
this script also works fine, but only when the user has full change rights on the userobject he wants to unlock.
and I have only delegated the unlock-right (lockoutTime). and i don't want to give more then the highly neccesary rights.
the vbs script i have created goes wrong on the userobject.SetInfo
i recieve the error that i dont have access...
does annybody know where i have to set rights so that i am also able to unlock the user account with the vbs script???????????
this is from the eventviewer from the domain controller:
1st event
__________________________
Object Open:
Object Server: DS
Object Type: user
Object Name: CN=Mey\, van der\, M. Miró [Test],OU=Gebruikers,DC=dz
New Handle ID: -
Operation ID: {0,333696797}
Process ID: 304
Primary User Name: DC12$
Primary Domain: DZ
Primary Logon ID: (0x0,0x3E7)
Client User Name: huizengou
Client Domain: DZ
Client Logon ID: (0x0,0x13E3CF00)
Accesses Write Property
Privileges -
Properties:
---
Account Restrictions
userAccountControl
2nd event
__________________________
Object Open:
Object Server: DS
Object Type: user
Object Name: CN=Mey\, van der\, M. Miró [Test],OU=Gebruikers,DC=dz
New Handle ID: -
Operation ID: {0,333696798}
Process ID: 304
Primary User Name: DC12$
Primary Domain: DZ
Primary Logon ID: (0x0,0x3E7)
Client User Name: huizengou
Client Domain: DZ
Client Logon ID: (0x0,0x13E3CF00)
Accesses Write Self
Privileges -
Properties:
---
Account Restrictions
userAccountControl
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.