[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 693
  • Last Modified:

Giving a user the right to change passwords

I am the admin for a relativley large Windows 2003 network in a school district.  I have 3 Tech aides who are not very thechnical but I would like to give them the ability to change and reset passwords in thier own buildings.  I would like for them to have a custom console so that they can browse AD and change passwords. What is the best way to do this whithout giving them too much access?
0
jp_tech
Asked:
jp_tech
2 Solutions
 
Krzysztof PytkoActive Directory EngineerCommented:
Create an OU for that user and delegate permissions for him
0
 
SGrossmannCommented:
See this article.Delegating permissions within active directory.http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Sorry, on OU where he should be able to chabge passwords, delegate him permissions :)
0
 
oBdACommented:
Right-click the OU in which the user objects are (NOT any domain admins!) and use the delegation of control wizard to allow a group(!) "PasswordReset" or whatever to change the password.
Allow the same group to change the "User must change password" attribute (on W2k3, you do NOT have to edit dssec.dat!), it's not included by default and usually *very* necessary:
Minimum permissions are needed for a delegated administrator to force password change at next logon procedure
http://support.microsoft.com/kb/296999

Create the taskpad (note that the ADUC MMC from adminpak.msi has to be installed on any admin clients, the MMC alone is not enough):
Create Taskpads for Active Directory Operations
http://www.petri.co.il/create_taskpads_for_ad_operations.htm
0
 
jp_techAuthor Commented:
Sgrossman prided a good link that provided instructions for giving the proper delegation and obda provided the information for creating the custom MMC. Thanks guys.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now