make restricted admin account for specific OU
Posted on 2006-04-07
I need to make a user account that can change and reset passwords for a specific OU.
But that's it.
So if this user was to open "Active Directory Users and Computers" and visit the OU they had permission to change passwords on, a given users properties page options would be greyed out *EXCEPT* for the "Account is locked out" check box in the "Account options" section of the "Account" tab and they would be able to right click a users account and change it too.
I know I have to create an OU to put this quasi-admin in, but I'm not sure how to construct the permissions.