Solved

HelpDesk can only change passwords for certain OUs in Win2K3 domain

Posted on 2006-07-03
5
297 Views
Last Modified: 2010-04-18
I am trying to go back and figure out the work that a previous network administrator did for our company. Our helpdesk only has access to change the passwords for certain OUs in our domain. Some OUs give them an "Access Denied" error message.

I thought it might be a group policy setting, but this user is in an OU that has group policy blocked from propagating to them.

Any thoughts would be appreciated.
0
Comment
Question by:richardmoses
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 100 total points
ID: 17033282
i would say he has used the delegation of control wizard on each OU
0
 
LVL 1

Author Comment

by:richardmoses
ID: 17033345
Is there a way I can tell who already has control on each OU? When I run the wizard, it doesn't give me any users.
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 25 total points
ID: 17033688
rightclick on the OU and go to properties, then look at the security tab.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 17042790
i would agree with Jay_Jay.
the user might have permissions delegated.
to check for existing delegation you could use Acldiag.
i guess dsacl could also be used to check for existing delegations.
you could delegate permissions for a group (helpdesk) at the domain for performing certain functions and then add or remove users to and from the group as a best practice rathar then delegating to a particular user.
0
 
LVL 1

Author Comment

by:richardmoses
ID: 17042860
Thanks for the help...It looks like this is how he set it up. I have fixed accordingly.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question