Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Limited Active Directory permissions for non admin user

Posted on 2013-01-17
5
Medium Priority
?
1,207 Views
Last Modified: 2013-01-17
Hello,
We have hired a Level 1 tech with about a year of experience. we want him to be able to reset passwords and unlock user accounts in active directory without giving him admin rights. i vaguely remember an AD tool (MMC) that was loaded to the local machine that would do this but i read somewhere that it was discontinued after Server 2000.

Any Ideas?

Thanks, and here is relevent info.

Server 2008.
0
Comment
Question by:CLSmithAdmin
  • 3
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38788010
Great question and good thought to not give them domain admin.  The tool they would use is Active Directory Users and Computers

You can delegate tasks to the Level 1 tech using the delegation control wizard.  The wizard gives you some decent default choices.

You can also extend that wizard

http://adisfun.blogspot.com/2009/08/extend-ad-delegation-control-wizard.html

Thanks

Mike
0
 

Author Comment

by:CLSmithAdmin
ID: 38788096
Thank you for this, but how then does the user get to AD users and groups? he doesn't have rights to log into the Domain controller where AD is located. is there a remote MMC for AD Users and Computers? I suggested to my counterpart a RDP session directly to that, using admin credentials, but he is skeptical.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 38788159
You can download the RSAT tools on the users machine   http://www.microsoft.com/en-us/download/details.aspx?id=7887

more on the install http://www.petri.co.il/remote-server-administration-tools-for-windows-7.htm

Thanks

Mike
0
 

Author Comment

by:CLSmithAdmin
ID: 38788258
Thank you very much!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38788418
No problem, and nice work not making him an admin.

Thanks

Mike
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question