Solved

HelpDesk can only change passwords for certain OUs in Win2K3 domain

Posted on 2006-07-03
5
299 Views
Last Modified: 2010-04-18
I am trying to go back and figure out the work that a previous network administrator did for our company. Our helpdesk only has access to change the passwords for certain OUs in our domain. Some OUs give them an "Access Denied" error message.

I thought it might be a group policy setting, but this user is in an OU that has group policy blocked from propagating to them.

Any thoughts would be appreciated.
0
Comment
Question by:richardmoses
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 100 total points
ID: 17033282
i would say he has used the delegation of control wizard on each OU
0
 
LVL 1

Author Comment

by:richardmoses
ID: 17033345
Is there a way I can tell who already has control on each OU? When I run the wizard, it doesn't give me any users.
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 25 total points
ID: 17033688
rightclick on the OU and go to properties, then look at the security tab.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 17042790
i would agree with Jay_Jay.
the user might have permissions delegated.
to check for existing delegation you could use Acldiag.
i guess dsacl could also be used to check for existing delegations.
you could delegate permissions for a group (helpdesk) at the domain for performing certain functions and then add or remove users to and from the group as a best practice rathar then delegating to a particular user.
0
 
LVL 1

Author Comment

by:richardmoses
ID: 17042860
Thanks for the help...It looks like this is how he set it up. I have fixed accordingly.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question