Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

how to delegate administration of all users in an OU to a user

Posted on 2011-02-10
3
Medium Priority
?
699 Views
Last Modified: 2012-05-11
We want to delegate administration of our staff OU to a receptionist so they can update user details (mostly phone number) , reset passwords, etc. (server 2003 R2)

I have installed adminpak on the receptionist PC and delegated administrative rights on the OU as described here: http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

We find that the receptionist can ammend the phone numbers of most users in the OU, but some users appear to be read only and she cannot change their properties.  All users are in the same OU, it is hard to see what is different between the users she can change, and the ones she can't.

Any help appreciated.
0
Comment
Question by:VAWD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 34865457

Any of the users administrative users?

Members of protected groups do not inherit permissions from the regular AD hierarchy. This is to prevent right escalation by someone resetting a password for a privileged account.

For instance, if you could reset a password on a Domain Admin account you suddenly are a domain admin.

Chris
0
 
LVL 13

Expert Comment

by:Felix Leven
ID: 34865472
Was there a 2008 server in the domain ?
0
 

Author Closing Comment

by:VAWD
ID: 34866226
Thats it.  Thanks
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question