Solved

Delegate reset/unlock user a/c password Active directory

Posted on 2014-02-03
10
3,572 Views
Last Modified: 2014-02-04
Dear Friends

I have a situation for which I have to give reset/unlock user a/c password permission to one of the domain user. So I open dsa.msc and right click on the OU and ran the delegate control wizard. I have then create an mmc and added active directory user and password snap in and saved the mmc.

But when I gave that mmc to the user he can't open that .
it says
"MMC could not create the snap in"


whats the easy way to give a user permission to reset user password or unlock an a/c if it gets locked.

Thanks again and I need a quick help on this.
0
Comment
Question by:Kmitra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39831059
Hi.

Install RSAT at his machine and you 'll be fine.
0
 
LVL 5

Author Comment

by:Kmitra
ID: 39831133
I have install rsat and reboot ed the pc still same error.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39831199
By default all domain users have read access to Active Directory. If you install RSAT on this computer and it cannot open the with the users profile, then it might be something with the PC itself. If you install this on another computer does this work for you? Have you checked the event viewer too see if there are any specific error messages which would provide more detail related to this issue?

Will
0
Increase your protection from Zero Day threats!

Running two Antivirus' is never a good idea.
Taking advantage of Multiple Security layers on the other hand can often save your hide.
See which top notch security software brands have been proven to happily coexist together.
Reduce your chances of becoming a statistic.

 
LVL 5

Author Comment

by:Kmitra
ID: 39831239
Do I still use the mmc I created in the server and paste it on users desktop or I have to do some thing else. This is a regular user ac.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39831313
Try the following...
- login as the user (domain user granted permissions)
- click start>run>mmc
- add the ADUC to the users MMC
- Save the MMC console on the users desktop
- Open the console

You should be able to view all of active directory but only modify the settings/objects that you have delegated.

Will.
0
 
LVL 5

Author Comment

by:Kmitra
ID: 39831442
Login to users pc or the domain controller.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 200 total points
ID: 39831683
To the users pc.
But check the following: on that client, open appwiz.cpl and move to "install windows features" and see whether all required RSAT subfeatures are already installed (like active directory management).
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 39832032
When you install RSAT on a windows 7 machine you need to enable the features. Simply running the exe does not install it. You will need to enable what you want. You do this from the Programs and Features and then click on "turn windows features on or off" look for RSAT and enable the features you want.

Will.
0
 
LVL 2

Expert Comment

by:allen_rich
ID: 39832086
OU can achieve this using delegated permission and using remote server administration tools.Please follow the given steps:

1. Create a group that you will put your admins in that you want to grant the permissions to create accounts and reset passwords

2. Right click the OU and then select "Delegate Control"

3. click next on the Main screen

4. click add and select the group you created in step 1

5. click create, delete, and manage user accounts and reset user passwords and force password change at next logon

6. click next then finish
0
 
LVL 5

Author Comment

by:Kmitra
ID: 39833869
Rsat tool was installed and I went and turned on the features.

But guess what I didn't turn them ALL on.

So when I went back and turn the AD features on under RSAT it was all good.

Thanks
0

Featured Post

Office 365 Training for Admins

Learn how to provision tenants, synchronize on-premise Active Directory, and implement Single Sign-On with these master level course.  Only from Platform Scholar

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How ldap located a Domain controller? 22 77
VMWare 101 9 91
Ms Access 2010 Setup (Executable file) 4 65
Frequency of Windows Server updates 27 128
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question