Improve company productivity with a Business Account.Sign Up

x
?
Solved

how to delegate administration of all users in an OU to a user

Posted on 2011-02-10
3
Medium Priority
?
703 Views
Last Modified: 2012-05-11
We want to delegate administration of our staff OU to a receptionist so they can update user details (mostly phone number) , reset passwords, etc. (server 2003 R2)

I have installed adminpak on the receptionist PC and delegated administrative rights on the OU as described here: http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

We find that the receptionist can ammend the phone numbers of most users in the OU, but some users appear to be read only and she cannot change their properties.  All users are in the same OU, it is hard to see what is different between the users she can change, and the ones she can't.

Any help appreciated.
0
Comment
Question by:VAWD
3 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 34865457

Any of the users administrative users?

Members of protected groups do not inherit permissions from the regular AD hierarchy. This is to prevent right escalation by someone resetting a password for a privileged account.

For instance, if you could reset a password on a Domain Admin account you suddenly are a domain admin.

Chris
0
 
LVL 13

Expert Comment

by:Felix Leven
ID: 34865472
Was there a 2008 server in the domain ?
0
 

Author Closing Comment

by:VAWD
ID: 34866226
Thats it.  Thanks
0

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway.  Forget that we don't back up the desktops - only the servers.  Well, let's sneak their data on…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question