Windows 2008 Fine Grant Passwords and Delegation

Right now I have a 2008 parent child domain. MY parent domain is just a place holder and all of my user account are in my child domain. Right now my help Desk has the ability to reset user passwords.
Today I found out that management wants to how have two password policies for our child domain.
1) one for regaulr users and the other for admins
2) The help desk also needs the ability to unlock user accounts

how can I setup two password policies? I know you can do this in 2008 but I never did it before? Ca nI have 2 password policies in a child domain only? What additonal permissions do i need to give my help desk in order for them to unlock uer accounts?

Can I use dsquery or dsget to dump all current A.D permission groups currently have...
LVL 20
Who is Participating?
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
In order to use Fine Grained Password Policy you will need to make sure that first you are running domain functional level 2008. If this is true follow the step-by-step guide here and you should be on your way.
compdigit44Author Commented:
It is ok to run a fine grain pws policy in a child domain and not the parent?

What permission do I need to give my help desk users in AD in order for them to unlock accounts?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.