Delegated User cannot modify Active Directory Settings
Posted on 2013-01-11
We have two separate forest/domains, domain a and domain b. There is a 2 way-trust setup between the two of them. I am unable to delegate permissions in ADUC on domain a with user accounts from domain b. I can move through the entire process of selecting their accounts, selecting their access, and completing the delegation wizard. I can even view their accounts in the Security Tab when i right click on any OU in my ADUC. All appears fine and the way it should be.
Unfortunately when the user from domain b tries to access/modify any of the settings for a AD Object in domain A, they get an access denied message. Specifally that user cannot change a password, even thoug they have the correct delegated permission to perform this.
Any ideas on what needs to be done? I can connect in ADUC to all my domain controllers from domain B to domain A, i know its not server specific.