Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 693
  • Last Modified:

Delegated User cannot modify Active Directory Settings

Hi all,

We have two separate forest/domains, domain a and domain b. There is a 2 way-trust setup between the two of them.  I am unable to delegate permissions in ADUC on domain a with user accounts from domain b. I can move through the entire process of selecting their accounts, selecting their access, and completing the delegation wizard. I can even view their accounts in the Security Tab when i right click on any OU in my ADUC.  All appears fine and the way it should be.

Unfortunately when the user from domain b tries to access/modify any of the settings for a AD Object in domain A, they get an access denied message. Specifally that user cannot change a password, even thoug they have the correct delegated permission to perform this.

Any ideas on what needs to be done? I can connect in ADUC to all my domain controllers from domain B to domain A, i know its not server specific.
0
digitalhitman00
Asked:
digitalhitman00
  • 3
  • 2
1 Solution
 
Ram BalachandranCommented:
User in Domain A has sufficient  permission  on Domain B ?  What is the type of Group you are having with privileges - is it Domain Local
0
 
digitalhitman00Author Commented:
sorry, this is delegation for AD.  That user who lives in domain b who is trying to modify AD settings for a domain A, does not have an account in Domain A.  The trust is what allows me to delegate permissions for Active Direcotry for the user from Domain B.
0
 
digitalhitman00Author Commented:
Maybe, but this is not an issue anymore as we got rid of PF recently. Thanks for all your help
0
 
digitalhitman00Author Commented:
we dont use PF anymore.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now