asked on

Need users to be able to unlock and change passwords in 2003 AD

I have a 2003 AD at a customers but am not there that often. I need to create a Security Group in the AD and give members of this group the ability to unlock other user's accounts and reset their passwords. Those are the only two things I want them to be able to do.

These specfic users are running XP Professional workstations and I have installed the 2003 Administrative Tools to their computers for they have access to the AD. I tried this long, long ago and had to give them Administrator rights to the Domain. I want to try again to give them just the unlock and reset password rights.

ASKER CERTIFIED SOLUTION

Joseph Daly

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

santhoshu

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

jimbecher

ASKER

I am going to start one at a time. The Delegation of Permissions seems like a simple way to do it but... it doesn't seem to work. I right clicled on the domain (wcc.local) and deligated the reset password permissions to the security group "ITAdminHelpers". I then got on on of the XP workstations as one of the users in the "ITAdminHelpers" group and tried changing my password. I got "Access Denied". I guess one question I have about the delegation process is "where can I see what I delegeated"? Maybe it didn't take?????