Solved

Delegated User cannot modify Active Directory Settings

Posted on 2013-01-11
5
683 Views
Last Modified: 2013-04-10
Hi all,

We have two separate forest/domains, domain a and domain b. There is a 2 way-trust setup between the two of them.  I am unable to delegate permissions in ADUC on domain a with user accounts from domain b. I can move through the entire process of selecting their accounts, selecting their access, and completing the delegation wizard. I can even view their accounts in the Security Tab when i right click on any OU in my ADUC.  All appears fine and the way it should be.

Unfortunately when the user from domain b tries to access/modify any of the settings for a AD Object in domain A, they get an access denied message. Specifally that user cannot change a password, even thoug they have the correct delegated permission to perform this.

Any ideas on what needs to be done? I can connect in ADUC to all my domain controllers from domain B to domain A, i know its not server specific.
0
Comment
Question by:digitalhitman00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38767230
User in Domain A has sufficient  permission  on Domain B ?  What is the type of Group you are having with privileges - is it Domain Local
0
 

Author Comment

by:digitalhitman00
ID: 38767242
sorry, this is delegation for AD.  That user who lives in domain b who is trying to modify AD settings for a domain A, does not have an account in Domain A.  The trust is what allows me to delegate permissions for Active Direcotry for the user from Domain B.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38777324
0
 

Accepted Solution

by:
digitalhitman00 earned 0 total points
ID: 39051253
Maybe, but this is not an issue anymore as we got rid of PF recently. Thanks for all your help
0
 

Author Closing Comment

by:digitalhitman00
ID: 39065132
we dont use PF anymore.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2008 R2 time server is invalid 6 32
DNS server pulling non-authorative answer 3 29
Export AD group members. 1 22
ADFS MSIS7065 error 8 8
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question