Solved

Limited acces of active directory from XP machine.

Posted on 2007-11-20
8
588 Views
Last Modified: 2010-08-05
Hello
I want to know how can have limited access of Active Directory from XP Workstation.
I have installed Admin pack on xp machine, but i can see all the objects and users by that.

I want to set limited access.
i want to give one main user access to reset or change the password of one group of members only.

I want to know how can i filter the view of main user by which he will be able to view only one particuler group of users.

Thanks
0
Comment
Question by:kulvinder_10
8 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 20324083
By default, all Authenticated Users have read access to all of Active Directory; this can be modified only after extensive testing, as it can render features like Group Policy unusable.

You can create a limited-view Taskpad for a delegated administrator as follows: http://www.petri.co.il/create_taskpads_for_ad_operations.htm
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20324087
in AD, place this user in a particular container, right click this container and select DELEGATION.

In delegation, add this particular user, then you can give this user permission to reset password for users.

0
 
LVL 3

Author Comment

by:kulvinder_10
ID: 20324161
MCSE2007
I have tried that too, but it also atleast shows all the servers, computers and other used accounts on the active directory.

I want he will be able to see and modify only one group
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20324255
there is no way to accomplish your task using just the available features of AD, use can still be able to view the objects though?
0
 
LVL 3

Author Comment

by:kulvinder_10
ID: 20324321
LauraEHunterMVP i wil try your isea in couple of day and let you know

thanks
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20324643
If you delegate control to a group, then you can build and a custom taskpad which only lets the users see the objects and tasks that you deem necessary. See http://www.petri.co.il/create_taskpads_for_ad_operations.htm for an example of how to do this.
0
 
LVL 3

Author Comment

by:kulvinder_10
ID: 20331220

Thanks LauraEHunter
I have tried your idea on my Dummy machines and it seems to be working.

Thanks for your advice..
0
 
LVL 3

Author Closing Comment

by:kulvinder_10
ID: 31410253
Thanks Buddy
0

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now