Delegation of user management to OU not working - Access Denied!
Posted on 2010-08-27
OK, I've read and tried everything to no avail. All I'm trying to do is Delegate simple user admin tasks to an OU so that a small group of remote admins can manage the users within this OU. Sounds simple, eh? :)
No matter what I do, even If I delegate "Full Control", the users in the security group that I delegated rights to always end up getting the "User must change password at next logon" box checked under the users properties / Account tab. Unchecking this and hitting ok/apply gives the following error > "The following Active Directory error occurred: Access Denied." I've even created a new test OU, but got the same results so it's not related to the OU. If I Login using my domain admin account, everything works fine so it's obviously permission related, but what do I need to do, pray to the Permissions God's and beg for forgiveness? This should be so simple yet it's really frustrating... Any ideas?