Solved

Delegated User cannot modify Active Directory Settings

Posted on 2013-01-11
5
690 Views
Last Modified: 2013-04-10
Hi all,

We have two separate forest/domains, domain a and domain b. There is a 2 way-trust setup between the two of them.  I am unable to delegate permissions in ADUC on domain a with user accounts from domain b. I can move through the entire process of selecting their accounts, selecting their access, and completing the delegation wizard. I can even view their accounts in the Security Tab when i right click on any OU in my ADUC.  All appears fine and the way it should be.

Unfortunately when the user from domain b tries to access/modify any of the settings for a AD Object in domain A, they get an access denied message. Specifally that user cannot change a password, even thoug they have the correct delegated permission to perform this.

Any ideas on what needs to be done? I can connect in ADUC to all my domain controllers from domain B to domain A, i know its not server specific.
0
Comment
Question by:digitalhitman00
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38767230
User in Domain A has sufficient  permission  on Domain B ?  What is the type of Group you are having with privileges - is it Domain Local
0
 

Author Comment

by:digitalhitman00
ID: 38767242
sorry, this is delegation for AD.  That user who lives in domain b who is trying to modify AD settings for a domain A, does not have an account in Domain A.  The trust is what allows me to delegate permissions for Active Direcotry for the user from Domain B.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38777324
0
 

Accepted Solution

by:
digitalhitman00 earned 0 total points
ID: 39051253
Maybe, but this is not an issue anymore as we got rid of PF recently. Thanks for all your help
0
 

Author Closing Comment

by:digitalhitman00
ID: 39065132
we dont use PF anymore.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question