[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 668
  • Last Modified:

Reset Password Delegation

We would like an individual from each one of our departments to have the right to reset passwords for members of their respective departments during off hours.  We have an OU for each department and we're going to use the delegation wizard at the OU level to reset passwords.  My question is, do these users need access to Active Directory Users and Computers to reset these passwords? I would imagine so...

If so, I was thinking I could set up a GPO which will push out the Windows 2000 Support Tools on the desktop of the assigned people?  From there, they could launch ADUC's?  

Does this make sense?  Is there a better way?

Thanks
0
msadexchman
Asked:
msadexchman
  • 2
1 Solution
 
mikeleebrlaCommented:
yes the would need the admin tools in order to do this.  you posted this question in the windows 2003 server area, but then you say you want to push the 2000 support tools to the users.  what kind of domain do you have 2000 or 2003?  what OS do your clients have?  After knowing that we can tell you what your clients will need to install in order to manage their OU.
0
 
msadexchmanAuthor Commented:
Thanks.

AD = 2003

OS = XP and 2000 Professional

0
 
mikeleebrlaCommented:
on xp clients just install the adminpak.exe that is on the server 2003 CD. If you don't have the server CD you can download it from the internet.
on 2000 clients im pretty sure you can install the same version ( you might get an error but just ignore it)


2003 version:
http://www.microsoft.com/downloads/details.aspx?FamilyID=C16AE515-C8F4-47EF-A1E4-A8DCBACFF8E3&displaylang=en

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q314978


0
 
Netman66Commented:
Use this as a guid eto setup Delegation of the Reset Password permission to a security group that contains the members you chose.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/ctrlwiz.mspx

Scroll down to "Delegating Resetting of Passwords for All Users"


Then, use this one to make sure that they can enforce a password change at next logon.

http://support.microsoft.com/default.aspx?scid=kb;en-us;296999


Of course, you must have the Adminpak (as mentioned above) installed on the user(s) PCs that will be doing this.  

Make absolutely certain that your real Admin accounts are in the Domain level and that you delegate to a sub-OU or your *trusted* employees will be able to change those passwords and have their way.

Cheers,
NM
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now