?
Solved

how to assign user account only enable and disable user function at AD ?

Posted on 2014-02-04
5
Medium Priority
?
344 Views
Last Modified: 2014-02-22
I only grant a enable/disable account function to special AD account. how to do that ?
0
Comment
Question by:jimlo1
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:Biniek
ID: 39834910
You have to delegate special permissions " Read userAccountControl and Write userAccountControl" for user accounts.

There are some instructions how to do it:

http://www.jasonprahl.com/2006/06/delegate-control-to-disableenable-user-accounts/

http://thebackroomtech.com/2009/07/01/howto-delegate-the-enabledisable-accounts-permission-in-active-directory/
0
 

Author Comment

by:jimlo1
ID: 39841166
Hi Biniek,

I implemened your instrustion but it doesn't work as attached
result.docx
0
 
LVL 6

Accepted Solution

by:
Biniek earned 1500 total points
ID: 39841435
Hi Jimlo1,

In Your question You asked about enable/disable account, and now You want to Unlock user account,

id does not work, because there was other permissions

There is information how to delegate the Unlock Account Right:

How can I delegate the right to unlock locked Active Directory (AD) user accounts?
http://windowsitpro.com/security/q-how-can-i-delegate-right-unlock-locked-active-directory-ad-user-accounts
0
 

Author Comment

by:jimlo1
ID: 39849295
Dear Biniek,

I followed your instruction. It is working . Thank you very much. But I found a other weird event in AD. I clicked a that checkbox in attached file and click "Apply" button. At a moment, this checkbox is unclick . Why???????????
Checkbox-.docx
0
 

Author Comment

by:jimlo1
ID: 39863919
Hi Biniek or experts,

Can you help to solve this problem ?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question