Solved

how to delegate administration of all users in an OU to a user

Posted on 2011-02-10
3
691 Views
Last Modified: 2012-05-11
We want to delegate administration of our staff OU to a receptionist so they can update user details (mostly phone number) , reset passwords, etc. (server 2003 R2)

I have installed adminpak on the receptionist PC and delegated administrative rights on the OU as described here: http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

We find that the receptionist can ammend the phone numbers of most users in the OU, but some users appear to be read only and she cannot change their properties.  All users are in the same OU, it is hard to see what is different between the users she can change, and the ones she can't.

Any help appreciated.
0
Comment
Question by:VAWD
3 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34865457

Any of the users administrative users?

Members of protected groups do not inherit permissions from the regular AD hierarchy. This is to prevent right escalation by someone resetting a password for a privileged account.

For instance, if you could reset a password on a Domain Admin account you suddenly are a domain admin.

Chris
0
 
LVL 13

Expert Comment

by:Felix Leven
ID: 34865472
Was there a 2008 server in the domain ?
0
 

Author Closing Comment

by:VAWD
ID: 34866226
Thats it.  Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now