Need to created limited admin account that can create users but not change main administrator password

Posted on 2007-10-01
Medium Priority
Last Modified: 2010-04-11

I am supporting a Windows 2003 network and there is a person here that they want to give the ability to create users accounts but they do not want him to have the domain administrator's password or the ability to change it because they want to keep him out of some file directories.

Is this possible if there is only one OU?

Thanks a lot,
Question by:Bonnie_K
  • 2
LVL 70

Assisted Solution

KCTS earned 800 total points
ID: 19992390
Put the users whose passwords you want to be able to be changed in an OU and then use the delegation of contol wizard on the OU and delegate the right to reset passwords on that ou to the user (or better a group to which that user belongs - that way its easier to manage  - later on  you can just add/remove users from the group)

Author Comment

ID: 19992404
I will check this out and let you know if I get it working.  Thanks

Accepted Solution

smilerz earned 1200 total points
ID: 19992448
On the OU that you want to grant permissions to create and change accounts grant them Read/Write and Delete permissions to the user object.

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question