Need to created limited admin account that can create users but not change main administrator password

Posted on 2007-10-01
Last Modified: 2010-04-11

I am supporting a Windows 2003 network and there is a person here that they want to give the ability to create users accounts but they do not want him to have the domain administrator's password or the ability to change it because they want to keep him out of some file directories.

Is this possible if there is only one OU?

Thanks a lot,
Question by:Bonnie_K
    LVL 70

    Assisted Solution

    Put the users whose passwords you want to be able to be changed in an OU and then use the delegation of contol wizard on the OU and delegate the right to reset passwords on that ou to the user (or better a group to which that user belongs - that way its easier to manage  - later on  you can just add/remove users from the group)
    LVL 70

    Expert Comment


    Author Comment

    I will check this out and let you know if I get it working.  Thanks
    LVL 8

    Accepted Solution

    On the OU that you want to grant permissions to create and change accounts grant them Read/Write and Delete permissions to the user object.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now