Kmitra
asked on
Delegate reset/unlock user a/c password Active directory
Dear Friends
I have a situation for which I have to give reset/unlock user a/c password permission to one of the domain user. So I open dsa.msc and right click on the OU and ran the delegate control wizard. I have then create an mmc and added active directory user and password snap in and saved the mmc.
But when I gave that mmc to the user he can't open that .
it says
"MMC could not create the snap in"
whats the easy way to give a user permission to reset user password or unlock an a/c if it gets locked.
Thanks again and I need a quick help on this.
I have a situation for which I have to give reset/unlock user a/c password permission to one of the domain user. So I open dsa.msc and right click on the OU and ran the delegate control wizard. I have then create an mmc and added active directory user and password snap in and saved the mmc.
But when I gave that mmc to the user he can't open that .
it says
"MMC could not create the snap in"
whats the easy way to give a user permission to reset user password or unlock an a/c if it gets locked.
Thanks again and I need a quick help on this.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
By default all domain users have read access to Active Directory. If you install RSAT on this computer and it cannot open the with the users profile, then it might be something with the PC itself. If you install this on another computer does this work for you? Have you checked the event viewer too see if there are any specific error messages which would provide more detail related to this issue?
Will
Will
ASKER
Do I still use the mmc I created in the server and paste it on users desktop or I have to do some thing else. This is a regular user ac.
Try the following...
- login as the user (domain user granted permissions)
- click start>run>mmc
- add the ADUC to the users MMC
- Save the MMC console on the users desktop
- Open the console
You should be able to view all of active directory but only modify the settings/objects that you have delegated.
Will.
- login as the user (domain user granted permissions)
- click start>run>mmc
- add the ADUC to the users MMC
- Save the MMC console on the users desktop
- Open the console
You should be able to view all of active directory but only modify the settings/objects that you have delegated.
Will.
ASKER
Login to users pc or the domain controller.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OU can achieve this using delegated permission and using remote server administration tools.Please follow the given steps:
1. Create a group that you will put your admins in that you want to grant the permissions to create accounts and reset passwords
2. Right click the OU and then select "Delegate Control"
3. click next on the Main screen
4. click add and select the group you created in step 1
5. click create, delete, and manage user accounts and reset user passwords and force password change at next logon
6. click next then finish
1. Create a group that you will put your admins in that you want to grant the permissions to create accounts and reset passwords
2. Right click the OU and then select "Delegate Control"
3. click next on the Main screen
4. click add and select the group you created in step 1
5. click create, delete, and manage user accounts and reset user passwords and force password change at next logon
6. click next then finish
ASKER
Rsat tool was installed and I went and turned on the features.
But guess what I didn't turn them ALL on.
So when I went back and turn the AD features on under RSAT it was all good.
Thanks
But guess what I didn't turn them ALL on.
So when I went back and turn the AD features on under RSAT it was all good.
Thanks
ASKER