Solved

enable users to unlock their Own AD account

Posted on 2011-02-18
6
1,521 Views
1 Endorsement
Last Modified: 2012-08-13
I wonder if there is a way to give certain users the ability to unlock their own Active Directory accounts without creating a separate domain admins account?

Thanks
1
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 5

Accepted Solution

by:
NotVeryFat earned 167 total points
ID: 34924599
Not sure this is possible, because to be able to unlock an account a user has to authenticate against Active Directory. So, even if they have permission, if their account is locked, they won't be authenticated... As a domain admin, if my AD account is locked I have to get someone else to unlock it as I can't access AD...
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 166 total points
ID: 34924601
You can delegate right to global group to which you assign those users and set up "Reset users passwords and force password change at next logon" But they will be able to reset/unlock account also for other users (not only theirs) except domain administrators/enterprise administrators

Regards,
Krzysztof
0
 
LVL 4

Assisted Solution

by:majidhajali
majidhajali earned 167 total points
ID: 34924630
It is not very simple. you need to delegate control for each account, it means you have to apply persmission ( delegate control) for example 300 times.
If you want to get rid of unlocking accounts, the best solution is to delegate the task to one of the helpdesks and delegate this permission to him/her.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:jskfan
ID: 34924722
So I can create 2 accounts a user .
Account1 and Account2
and delegate them the right of paasword reset.

would this work even if the Account1 has more privileges in AD than the Account2, for instance Account1 is account operator and Account2 is only domain user?


0
 

Author Comment

by:jskfan
ID: 34950310
in Security tab of a user Object.
Cannot I just add another account to ACL and give this account Full Control over the user object ?

For instance, in the properties of User1 /Security tab. I click add to add User2 and while highlighting User2 in the ACL I check the box Full Control.

Would this allow USER2 to reset password to User1? maybe more privileges?

0
 

Author Closing Comment

by:jskfan
ID: 35107638
thanks
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question