Solved

how to delegate administration of all users in an OU to a user

Posted on 2011-02-10
Last Modified: 2012-05-11
We want to delegate administration of our staff OU to a receptionist so they can update user details (mostly phone number), reset passwords, etc. (Server 2003 R2)

I have installed adminpak on the receptionist PC and delegated administrative rights on the OU as described here: http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html

We find that the receptionist can amend the phone numbers of most users in the OU, but some users appear to be read only and she cannot change their properties. All users are in the same OU; it is hard to see what is different between the users she can change and the ones she can't.

Any help appreciated.
Question by:VAWD

Accepted Solution

by:Chris Dent
ID: 34865457

Are any of the users administrative users?

Members of protected groups do not inherit permissions from the regular AD hierarchy. This is to prevent right escalation by someone resetting a password for a privileged account.

For instance, if you could reset a password on a Domain Admin account you suddenly are a domain admin.

Chris
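
One way to see which accounts in the OU fall under the protection described in the accepted answer, as an added example that is not part of the original thread: Active Directory marks members of protected groups with `adminCount=1` and turns off permission inheritance on them, so an OU-level delegation never reaches those objects. The OU distinguished name and the function name `Get-ProtectedUserReport` are assumptions for illustration; the script uses ADSI only, so it does not need the ActiveDirectory module.

```powershell
# Added example: report which users in an OU are excluded from delegated permissions.
# Assumption: placeholder OU distinguished name; replace with your own.
$ouDn = 'OU=Staff,DC=example,DC=com'

function Get-ProtectedUserReport {
    param([Parameter(Mandatory = $true)][string]$SearchBase)

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$SearchBase"
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 500
    # Every user object under the OU; adminCount is loaded so it can be reported.
    $searcher.Filter = '(&(objectCategory=person)(objectClass=user))'
    $searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'adminCount'))

    $results = $searcher.FindAll()
    try {
        foreach ($result in $results) {
            # Property names in a search result are stored in lower case.
            $adminCount = 0
            if ($result.Properties['admincount'].Count) {
                $adminCount = $result.Properties['admincount'][0]
            }
            # Read the object's ACL to see whether inheritance from the OU is blocked.
            $entry = $result.GetDirectoryEntry()
            $blocked = $entry.psbase.ObjectSecurity.AreAccessRulesProtected

            New-Object PSObject -Property @{
                SamAccountName     = $result.Properties['samaccountname'][0]
                AdminCount         = $adminCount
                InheritanceBlocked = $blocked
                # Delegation set on the OU only applies when the ACL is inherited.
                DelegationApplies  = -not $blocked
            }
        }
    }
    finally {
        $results.Dispose()
    }
}

Get-ProtectedUserReport -SearchBase $ouDn |
    Sort-Object InheritanceBlocked -Descending |
    Format-Table SamAccountName, AdminCount, InheritanceBlocked, DelegationApplies -AutoSize
```

Accounts listed with `InheritanceBlocked` set to `True` are the ones that appear read only to the delegated user.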

Expert Comment

by:Felix Leven
ID: 34865472
Was there a 2008 server in the domain?

Author Closing Comment

by:VAWD
ID: 34866226
That's it. Thanks