How do I provide limited Active Directory access so that a Helpdesk tech can utilize it to perform basic functions?
Posted on 2014-01-02
I have a Helpdesk tech that I would like to offload basic SysAdmin duties to. I would like to provide him access to Active Directory to do the simple functions like resetting Windows account, unlocking accounts, and changing password, etc. How do I configure AD for him so that he can perform only these functions? I do not want to give more access than that.
Environment: AD on Windows Server 2008 R2 Enterprise