• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 323
  • Last Modified:

Helpdesk and passwords

Hello Experts,

We're using Active Directory 2003 in native mode. I've given the helpdesk the ablility to change users passwords. But for some reason, they can't change all of my users passwords. It could be 2 users in the same OU. They could change 1 user password, but not the other, the the 2 users could be in the same groups. I don't understand what's stopping them. I've tried delegating control at the OU level to the group and still no changes. If I put them in the domain admins group it works. But we don't want that of course.
  • 2
2 Solutions
If the users have been in an administrative group they may had the adminsdhodler property set, or inheritance blocks which sops the help desk updating them. See


for more info
SandeshdubeySenior Server EngineerCommented:
It seems that permission is not inherited on user object or ou/sub ous make sure that permission is inherited.

Checked that delegation is set correctly.http://support.microsoft.com/kb/296999

Delegated permissions are not available and inheritance is automatically disabled

How to View or Delete Active Directory Delegated Permissions
Delegated permission is removed if the ADminSdHolder count is >1. If the users have been removed from any admin groups you can use ADSIEdit to reset to "0" and also reset permissions inheritance. If the user is stikll in an admin group then this will be removed within 15 minutes...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now