Solved

Limited Active Directory permissions for non admin user

Posted on 2013-01-17
5
1,193 Views
Last Modified: 2013-01-17
Hello,
We have hired a Level 1 tech with about a year of experience. we want him to be able to reset passwords and unlock user accounts in active directory without giving him admin rights. i vaguely remember an AD tool (MMC) that was loaded to the local machine that would do this but i read somewhere that it was discontinued after Server 2000.

Any Ideas?

Thanks, and here is relevent info.

Server 2008.
0
Comment
Question by:CLSmithAdmin
  • 3
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38788010
Great question and good thought to not give them domain admin.  The tool they would use is Active Directory Users and Computers

You can delegate tasks to the Level 1 tech using the delegation control wizard.  The wizard gives you some decent default choices.

You can also extend that wizard

http://adisfun.blogspot.com/2009/08/extend-ad-delegation-control-wizard.html

Thanks

Mike
0
 

Author Comment

by:CLSmithAdmin
ID: 38788096
Thank you for this, but how then does the user get to AD users and groups? he doesn't have rights to log into the Domain controller where AD is located. is there a remote MMC for AD Users and Computers? I suggested to my counterpart a RDP session directly to that, using admin credentials, but he is skeptical.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 38788159
You can download the RSAT tools on the users machine   http://www.microsoft.com/en-us/download/details.aspx?id=7887

more on the install http://www.petri.co.il/remote-server-administration-tools-for-windows-7.htm

Thanks

Mike
0
 

Author Comment

by:CLSmithAdmin
ID: 38788258
Thank you very much!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38788418
No problem, and nice work not making him an admin.

Thanks

Mike
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question