Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Delegated User cannot modify Active Directory Settings

Posted on 2013-01-11
5
Medium Priority
?
692 Views
Last Modified: 2013-04-10
Hi all,

We have two separate forest/domains, domain a and domain b. There is a 2 way-trust setup between the two of them.  I am unable to delegate permissions in ADUC on domain a with user accounts from domain b. I can move through the entire process of selecting their accounts, selecting their access, and completing the delegation wizard. I can even view their accounts in the Security Tab when i right click on any OU in my ADUC.  All appears fine and the way it should be.

Unfortunately when the user from domain b tries to access/modify any of the settings for a AD Object in domain A, they get an access denied message. Specifally that user cannot change a password, even thoug they have the correct delegated permission to perform this.

Any ideas on what needs to be done? I can connect in ADUC to all my domain controllers from domain B to domain A, i know its not server specific.
0
Comment
Question by:digitalhitman00
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38767230
User in Domain A has sufficient  permission  on Domain B ?  What is the type of Group you are having with privileges - is it Domain Local
0
 

Author Comment

by:digitalhitman00
ID: 38767242
sorry, this is delegation for AD.  That user who lives in domain b who is trying to modify AD settings for a domain A, does not have an account in Domain A.  The trust is what allows me to delegate permissions for Active Direcotry for the user from Domain B.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38777324
0
 

Accepted Solution

by:
digitalhitman00 earned 0 total points
ID: 39051253
Maybe, but this is not an issue anymore as we got rid of PF recently. Thanks for all your help
0
 

Author Closing Comment

by:digitalhitman00
ID: 39065132
we dont use PF anymore.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question