Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Limited acces of active directory from XP machine.

Posted on 2007-11-20
8
Medium Priority
?
597 Views
Last Modified: 2010-08-05
Hello
I want to know how can have limited access of Active Directory from XP Workstation.
I have installed Admin pack on xp machine, but i can see all the objects and users by that.

I want to set limited access.
i want to give one main user access to reset or change the password of one group of members only.

I want to know how can i filter the view of main user by which he will be able to view only one particuler group of users.

Thanks
0
Comment
Question by:kulvinder_10
8 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 750 total points
ID: 20324083
By default, all Authenticated Users have read access to all of Active Directory; this can be modified only after extensive testing, as it can render features like Group Policy unusable.

You can create a limited-view Taskpad for a delegated administrator as follows: http://www.petri.co.il/create_taskpads_for_ad_operations.htm
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20324087
in AD, place this user in a particular container, right click this container and select DELEGATION.

In delegation, add this particular user, then you can give this user permission to reset password for users.

0
 
LVL 3

Author Comment

by:kulvinder_10
ID: 20324161
MCSE2007
I have tried that too, but it also atleast shows all the servers, computers and other used accounts on the active directory.

I want he will be able to see and modify only one group
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 7

Expert Comment

by:mcse2007
ID: 20324255
there is no way to accomplish your task using just the available features of AD, use can still be able to view the objects though?
0
 
LVL 3

Author Comment

by:kulvinder_10
ID: 20324321
LauraEHunterMVP i wil try your isea in couple of day and let you know

thanks
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20324643
If you delegate control to a group, then you can build and a custom taskpad which only lets the users see the objects and tasks that you deem necessary. See http://www.petri.co.il/create_taskpads_for_ad_operations.htm for an example of how to do this.
0
 
LVL 3

Author Comment

by:kulvinder_10
ID: 20331220

Thanks LauraEHunter
I have tried your idea on my Dummy machines and it seems to be working.

Thanks for your advice..
0
 
LVL 3

Author Closing Comment

by:kulvinder_10
ID: 31410253
Thanks Buddy
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question