• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3837
  • Last Modified:

Delegate reset/unlock user a/c password Active directory

Dear Friends

I have a situation for which I have to give reset/unlock user a/c password permission to one of the domain user. So I open dsa.msc and right click on the OU and ran the delegate control wizard. I have then create an mmc and added active directory user and password snap in and saved the mmc.

But when I gave that mmc to the user he can't open that .
it says
"MMC could not create the snap in"


whats the easy way to give a user permission to reset user password or unlock an a/c if it gets locked.

Thanks again and I need a quick help on this.
0
Kmitra
Asked:
Kmitra
  • 4
  • 3
  • 2
  • +1
3 Solutions
 
McKnifeCommented:
Hi.

Install RSAT at his machine and you 'll be fine.
0
 
KmitraAuthor Commented:
I have install rsat and reboot ed the pc still same error.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
By default all domain users have read access to Active Directory. If you install RSAT on this computer and it cannot open the with the users profile, then it might be something with the PC itself. If you install this on another computer does this work for you? Have you checked the event viewer too see if there are any specific error messages which would provide more detail related to this issue?

Will
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
KmitraAuthor Commented:
Do I still use the mmc I created in the server and paste it on users desktop or I have to do some thing else. This is a regular user ac.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Try the following...
- login as the user (domain user granted permissions)
- click start>run>mmc
- add the ADUC to the users MMC
- Save the MMC console on the users desktop
- Open the console

You should be able to view all of active directory but only modify the settings/objects that you have delegated.

Will.
0
 
KmitraAuthor Commented:
Login to users pc or the domain controller.
0
 
McKnifeCommented:
To the users pc.
But check the following: on that client, open appwiz.cpl and move to "install windows features" and see whether all required RSAT subfeatures are already installed (like active directory management).
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
When you install RSAT on a windows 7 machine you need to enable the features. Simply running the exe does not install it. You will need to enable what you want. You do this from the Programs and Features and then click on "turn windows features on or off" look for RSAT and enable the features you want.

Will.
0
 
allen_richCommented:
OU can achieve this using delegated permission and using remote server administration tools.Please follow the given steps:

1. Create a group that you will put your admins in that you want to grant the permissions to create accounts and reset passwords

2. Right click the OU and then select "Delegate Control"

3. click next on the Main screen

4. click add and select the group you created in step 1

5. click create, delete, and manage user accounts and reset user passwords and force password change at next logon

6. click next then finish
0
 
KmitraAuthor Commented:
Rsat tool was installed and I went and turned on the features.

But guess what I didn't turn them ALL on.

So when I went back and turn the AD features on under RSAT it was all good.

Thanks
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now