InSearchOf
asked on
Domain Admins
We run Windows 2003 Active Directory on a single domain.I would like certain people to have the ability to unlock user accounts when they get locked out. Do they have to be Domain Admins to do this? I would rather not if I do not have to. I am trying to limit the number of Domain Admins we have but at the same time delegate more responsibility to certain individuals.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent! Thanks for the help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i don't agree with you that: delegated permissions in "inexperienced" hands is that the permissions are hidden from you! because any delegated privilege you assign to a user you will find it in security tab of that OU, and from there you can see all the permission that you have given to users and group.
http://support.microsoft.com/kb/294952/en-us