CLSmithAdmin
Limited Active Directory permissions for non admin user
Hello,
We have hired a Level 1 tech with about a year of experience. We want him to be able to reset passwords and unlock user accounts in Active Directory without giving him admin rights. I vaguely remember an AD tool (MMC) that was loaded to the local machine that would do this, but I read somewhere that it was discontinued after Server 2000.
Any ideas?
Thanks, and here is relevant info.
Server 2008.
ASKER
Thank you for this, but how then does the user get to AD users and groups? He doesn't have rights to log into the domain controller where AD is located. Is there a remote MMC for AD Users and Computers? I suggested to my counterpart an RDP session directly to that, using admin credentials, but he is skeptical.
ASKER
Thank you very much!
No problem, and nice work not making him an admin.
Thanks
Mike
You can delegate tasks to the Level 1 tech using the delegation control wizard. The wizard gives you some decent default choices.
You can also extend that wizard:
http://adisfun.blogspot.com/2009/08/extend-ad-delegation-control-wizard.html
Thanks
Mike
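
The delegation suggested above can also be applied from the command line with `dsacls`. This is an added example, not part of the original thread; the OU path `OU=Staff,DC=example,DC=com` and the group `EXAMPLE\L1-Helpdesk` are assumed placeholders, and delegating to a group rather than to the tech's own account is a choice made for the example.

```powershell
# Added example: delegate "reset password" and "unlock account" on one OU only.
# Assumed placeholders (not from the thread): the OU path and the group name.
$TargetOU = 'OU=Staff,DC=example,DC=com'
$Delegate = 'EXAMPLE\L1-Helpdesk'

# One permission per entry, scoped to user objects below the OU.
#   CA   = control access (an extended right)
#   RPWP = read property + write property on a single attribute
$Grants = @(
    'CA;Reset Password;user',   # set a new password without knowing the old one
    'RPWP;lockoutTime;user',    # clear lockoutTime, which unlocks the account
    'RPWP;pwdLastSet;user'      # "User must change password at next logon"
)

foreach ($Grant in $Grants) {
    # /I:S applies the entry to sub-objects only, /G grants it.
    # ${Delegate} is braced so PowerShell does not read "Delegate:" as a scope.
    & dsacls.exe $TargetOU /I:S /G "${Delegate}:$Grant"
}

# Review what was written: show only the ACL lines that name the delegate,
# so anything broader than the three entries above stands out.
& dsacls.exe $TargetOU | Select-String -SimpleMatch -Pattern $Delegate
```

Accounts that belong to protected groups such as Domain Admins do not inherit permissions from the OU, so this delegation does not let the tech reset their passwords.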