Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Delegated User cannot modify Active Directory Settings

Posted on 2013-01-11
5
682 Views
Last Modified: 2013-04-10
Hi all,

We have two separate forest/domains, domain a and domain b. There is a 2 way-trust setup between the two of them.  I am unable to delegate permissions in ADUC on domain a with user accounts from domain b. I can move through the entire process of selecting their accounts, selecting their access, and completing the delegation wizard. I can even view their accounts in the Security Tab when i right click on any OU in my ADUC.  All appears fine and the way it should be.

Unfortunately when the user from domain b tries to access/modify any of the settings for a AD Object in domain A, they get an access denied message. Specifally that user cannot change a password, even thoug they have the correct delegated permission to perform this.

Any ideas on what needs to be done? I can connect in ADUC to all my domain controllers from domain B to domain A, i know its not server specific.
0
Comment
Question by:digitalhitman00
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38767230
User in Domain A has sufficient  permission  on Domain B ?  What is the type of Group you are having with privileges - is it Domain Local
0
 

Author Comment

by:digitalhitman00
ID: 38767242
sorry, this is delegation for AD.  That user who lives in domain b who is trying to modify AD settings for a domain A, does not have an account in Domain A.  The trust is what allows me to delegate permissions for Active Direcotry for the user from Domain B.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38777324
0
 

Accepted Solution

by:
digitalhitman00 earned 0 total points
ID: 39051253
Maybe, but this is not an issue anymore as we got rid of PF recently. Thanks for all your help
0
 

Author Closing Comment

by:digitalhitman00
ID: 39065132
we dont use PF anymore.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question