Solved

Limited Active Directory permissions for non admin user

Posted on 2013-01-17
5
1,196 Views
Last Modified: 2013-01-17
Hello,
We have hired a Level 1 tech with about a year of experience. we want him to be able to reset passwords and unlock user accounts in active directory without giving him admin rights. i vaguely remember an AD tool (MMC) that was loaded to the local machine that would do this but i read somewhere that it was discontinued after Server 2000.

Any Ideas?

Thanks, and here is relevent info.

Server 2008.
0
Comment
Question by:CLSmithAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38788010
Great question and good thought to not give them domain admin.  The tool they would use is Active Directory Users and Computers

You can delegate tasks to the Level 1 tech using the delegation control wizard.  The wizard gives you some decent default choices.

You can also extend that wizard

http://adisfun.blogspot.com/2009/08/extend-ad-delegation-control-wizard.html

Thanks

Mike
0
 

Author Comment

by:CLSmithAdmin
ID: 38788096
Thank you for this, but how then does the user get to AD users and groups? he doesn't have rights to log into the Domain controller where AD is located. is there a remote MMC for AD Users and Computers? I suggested to my counterpart a RDP session directly to that, using admin credentials, but he is skeptical.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 38788159
You can download the RSAT tools on the users machine   http://www.microsoft.com/en-us/download/details.aspx?id=7887

more on the install http://www.petri.co.il/remote-server-administration-tools-for-windows-7.htm

Thanks

Mike
0
 

Author Comment

by:CLSmithAdmin
ID: 38788258
Thank you very much!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38788418
No problem, and nice work not making him an admin.

Thanks

Mike
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question