How do I create a custom "AD users and computers" that only allows changing of passwords and unlocking accounts

Posted on 2009-02-20
Last Modified: 2012-05-06
I want to create an interface to allow CSRs to unlock Active Directory accounts.  I don't want to install the Admin Pak as the "Account Operators Group" will give them too much power.
Question by:daverdal
    1 Comment
    LVL 58

    Accepted Solution

    You'd first have to delegate the appropriate permissions over the OUs the users need control on. This is achieved using the Delegation of Control wizard.

    Once you've done that, in order to create a custom view, you'd need to create an Active Directory Taskpad. This allows you to specify default operations in the MMC view which the users have quick access to:


    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now