jskfan
asked on
Delegate help desk To unlock AD Accounts:
I need to delegate Helpdesk to unlock AD account for users that have higher privileges than the Desktop users who have only Domain users privileges.
I believe this can be done through AD Delegation
Any step by step with screenshots will be very much helpful.
Thanks
ASKER
I found out checking the security tab of an OU will show if the user group I gave permission is there or not... disregard my last comment....
ASKER
However, if I open up properties of the user group I gave permissions and click Advanced, then select the group and click Edit, next to Apply to: Descendant User objects.
it does not tell you to which OU is applied to ....
ASKER
But how do you audit the user group to which object has permissions?
When I go back to the user group I created and gave it Delegation, I cannot tell to which OU it has delegation....
Until I go to the OU, then I see the user group there under the Security tab.
ASKER
mmmm...
I realized the Delegated security group cannot unlock domain admins account..
ASKER
http://windowsitpro.com/security/q-how-can-i-delegate-right-unlock-locked-active-directory-ad-user-accounts
followed steps 1 to 9
but I could not get a domain user to unlock account of a Domain Admins user
ASKER
Thanks
ASKER
but how do I verify that the Delegation was applied to only that OU...
and confirm that the user group I gave permissions to unlock accounts at OU1 is not able to do the same at OU2 level?
Thanks
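
An added example, not part of the original thread: one way to check from PowerShell where a group holds an explicit unlock (write `lockoutTime`) delegation, and whether a given account is cut off from OU-level delegation because AdminSDHolder protection has set `adminCount` and blocked ACL inheritance on it, as happens to members of Domain Admins. It assumes the RSAT ActiveDirectory module; the function names and the group `CONTOSO\Helpdesk-Unlock` are placeholders.

```powershell
Import-Module ActiveDirectory

function Get-UnlockDelegation {
    param([Parameter(Mandatory)][string]$Group)   # placeholder, e.g. 'CONTOSO\Helpdesk-Unlock'

    # Resolve the lockoutTime attribute GUID from the schema rather than hard-coding it.
    $schemaNC    = (Get-ADRootDSE).schemaNamingContext
    $attr        = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=lockoutTime)' -Properties schemaIDGUID
    $lockoutGuid = [guid]$attr.schemaIDGUID

    # Check the domain root and every OU; only explicit (non-inherited) ACEs mark
    # the place where the delegation was actually applied.
    $domainDN = (Get-ADDomain).DistinguishedName
    $targets  = Get-ADObject -SearchBase $domainDN -LDAPFilter '(|(objectClass=domainDNS)(objectClass=organizationalUnit))'

    foreach ($t in $targets) {
        (Get-Acl -Path "AD:\$($t.DistinguishedName)").Access |
            Where-Object {
                -not $_.IsInherited -and
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -eq $Group -and
                # ACE scoped to lockoutTime, or to all properties (empty GUID)
                ($_.ObjectType -eq $lockoutGuid -or $_.ObjectType -eq [guid]::Empty) -and
                # 0x20 = WriteProperty; GenericAll and GenericWrite include this bit
                ([int]$_.ActiveDirectoryRights -band 0x20)
            } |
            Select-Object @{n='AppliedAt'; e={$t.DistinguishedName}},
                          ActiveDirectoryRights, InheritanceType, InheritedObjectType
    }
}

function Test-ProtectedAccount {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties adminCount
    $acl  = Get-Acl -Path "AD:\$($user.DistinguishedName)"
    [pscustomobject]@{
        User               = $user.SamAccountName
        AdminCount         = $user.adminCount
        # True means ACEs inherited from the parent OU do not apply to this account
        InheritanceBlocked = $acl.AreAccessRulesProtected
    }
}

# Usage (placeholder names):
#   Get-UnlockDelegation -Group 'CONTOSO\Helpdesk-Unlock'
#   Test-ProtectedAccount -SamAccountName 'some.admin'
```

If OU1 is the only `AppliedAt` row returned, the group has no explicit unlock delegation at OU2 or at the domain root.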