Help Desk to reset/unlock user accounts in AD
What is the easiest way for our help desk to reset accounts in AD? We are at 2003 function level for both domain and forest. I have tried to make a MMC and delegate the authority but it is not consistent. Lockoutstatus does not allow the password to be reset. We will be going to 2008 server in a few months and I would like to implement the solution then. I would like to have a Microsoft solution if possible, and not a 3rd party solution.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have tried to create a task pad for the help desk but I cannot figure out how to make the task pad work for ALL users in AD, not just in an OU.
I also tried the delegate control. This works but not for all users, even users in the same OU. One user you can reset and the other user everything is grayed out.
I also tried the delegate control. This works but not for all users, even users in the same OU. One user you can reset and the other user everything is grayed out.
Make sure you are following the steps correctly.
ASKER
Dariusq - I did follow the steps correctly and had someone else double check them as well.
The issue with some of our users not working with the delegated control to the help desk seems to be corrected if the account is deleted and recreated. I did one so far and it worked, have about 70 users. Will not know until I do a few more successfully. Not sure if this is because the accounts have been in AD since Windows 2000??
The issue with some of our users not working with the delegated control to the help desk seems to be corrected if the account is deleted and recreated. I did one so far and it worked, have about 70 users. Will not know until I do a few more successfully. Not sure if this is because the accounts have been in AD since Windows 2000??
That shouldn't matter. Run a dcdiag and post.
ASKER
I agree that should not matter, but it is a Microsoft product. ;-))
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: MAIN\MASTER
Starting test: Connectivity
......................... MASTER passed test Connectivity
Doing primary tests
Testing server: MAIN\MASTER
Starting test: Replications
......................... MASTER passed test Replications
Starting test: NCSecDesc
......................... MASTER passed test NCSecDesc
Starting test: NetLogons
......................... MASTER passed test NetLogons
Starting test: Advertising
......................... MASTER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MASTER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MASTER passed test RidManager
Starting test: MachineAccount
......................... MASTER passed test MachineAccount
Starting test: Services
......................... MASTER passed test Services
Starting test: ObjectsReplicated
......................... MASTER passed test ObjectsReplicated
Starting test: frssysvol
......................... MASTER passed test frssysvol
Starting test: frsevent
......................... MASTER passed test frsevent
Starting test: kccevent
......................... MASTER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001502
Time Generated: 01/11/2010 14:44:12
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 14:44:21
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 14:44:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:21
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:24
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:33
(Event String could not be retrieved)
......................... MASTER failed test systemlog
Starting test: VerifyReferences
......................... MASTER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxxx
Starting test: CrossRefValidation
......................... xxxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxxx passed test CheckSDRefDom
Running enterprise tests on : xxxx.com
Starting test: Intersite
......................... xxxx.com passed test Intersite
Starting test: FsmoCheck
......................... xxxx.com passed test FsmoCheck
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: MAIN\MASTER
Starting test: Connectivity
......................... MASTER passed test Connectivity
Doing primary tests
Testing server: MAIN\MASTER
Starting test: Replications
......................... MASTER passed test Replications
Starting test: NCSecDesc
......................... MASTER passed test NCSecDesc
Starting test: NetLogons
......................... MASTER passed test NetLogons
Starting test: Advertising
......................... MASTER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MASTER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MASTER passed test RidManager
Starting test: MachineAccount
......................... MASTER passed test MachineAccount
Starting test: Services
......................... MASTER passed test Services
Starting test: ObjectsReplicated
......................... MASTER passed test ObjectsReplicated
Starting test: frssysvol
......................... MASTER passed test frssysvol
Starting test: frsevent
......................... MASTER passed test frsevent
Starting test: kccevent
......................... MASTER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001502
Time Generated: 01/11/2010 14:44:12
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 14:44:21
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 14:44:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:21
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:24
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/11/2010 15:01:33
(Event String could not be retrieved)
......................... MASTER failed test systemlog
Starting test: VerifyReferences
......................... MASTER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : xxxx
Starting test: CrossRefValidation
......................... xxxx passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... xxxx passed test CheckSDRefDom
Running enterprise tests on : xxxx.com
Starting test: Intersite
......................... xxxx.com passed test Intersite
Starting test: FsmoCheck
......................... xxxx.com passed test FsmoCheck
All looks well but what errors are you getting in the Event logs?
ASKER
Still have issues with it working as documented in
https://www.experts-exchange.com/questions/22716022/Allow-HelpDesk-to-unlock-user-accounts.html
http://forums.techarena.in/active-directory/16290.htm
http://windowsitpro.com/article/articleid/82228/jsi-tip-8660-how-can-an-ordinary-user-unlock-a-user-account.html
https://www.experts-exchange.com/questions/22716022/Allow-HelpDesk-to-unlock-user-accounts.html
http://forums.techarena.in/active-directory/16290.htm
http://windowsitpro.com/article/articleid/82228/jsi-tip-8660-how-can-an-ordinary-user-unlock-a-user-account.html
ASKER