Solved

Restricting privledges on AD for  a user.

Posted on 2011-03-06
5
342 Views
Last Modified: 2012-05-11
Hi

We use windows 2003 server AD . I have a staff who has  joined our  support department  and i want to give him access to AD. He should have limited access to AD permissions only change user passwords.He should nor be allowed to create users delete users or delete any objects in the AD.

How to i configure this any tutorials will be helpful.

Thanks
0
Comment
Question by:lianne143
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 

Author Comment

by:lianne143
ID: 35046069
He will be accessing AD from  XP PCs  around the network . Do i need to install Admin Tools on all the  PC in the network to access AD
0
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 334 total points
ID: 35046437
Yes.. u need to install Admin pak..

Create group in AD and give delegated permission to that group and add the user to that group..

Regards,
Prem
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 334 total points
ID: 35046445
0
 
LVL 6

Assisted Solution

by:dave_it
dave_it earned 166 total points
ID: 35061512
You'll only need to install the Adminpak on the PC which the user will logon to.  But I wouldn't do that until after you've run the Delegation of Control wizard in AD and given the user the permissions you want.
0
 

Author Closing Comment

by:lianne143
ID: 35194059
sorted
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question