Solved

limit AD Helpdesk account

Posted on 2014-03-31
Last Modified: 2014-04-04
Hi,

I need to create an Active Directory user account that has the ability to join a PC to the domain, create user accounts and Exchange 2010 mailboxes.

What groups would the user need to be a part of?

We do not want the user to have full domain admin, or server admin. The account is for a helpdesk tech.

Thanks!
Question by:Encinitas

Accepted Solution

by:
Mahesh earned 75 total points
ID: 39967785
In the Default Domain Policy, grant the account the "add workstation to domain" user right.

Finally, use the Delegation of Control Wizard at the domain.com level and give that account delegated permission to join computers to the domain.

The above two permissions are required for that to work properly.

Also, add the user to the built-in Account Operators group in Active Directory for user management.
This includes password reset, new account creation, adding and removing from groups, changing common attributes such as phone number, and so on.

Assign that account the Recipient Management role on the Exchange server to manage mailboxes.

Mahesh.
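
The steps from the accepted answer, scripted as an added example that is not part of the original answer. The account name `helpdesk1` and the function `Test-HelpdeskScope` are hypothetical, and the `dsacls` ACE is an assumed equivalent of what the Delegation of Control Wizard grants. The final check confirms the account did not end up in the admin groups the question wants to avoid.

```powershell
# Added example: run in the Exchange Management Shell with the ActiveDirectory
# module available. 'helpdesk1' is a placeholder account name (assumption).
Import-Module ActiveDirectory

$Account = 'helpdesk1'
$Domain  = Get-ADDomain
$Trustee = '{0}\{1}' -f $Domain.NetBIOSName, $Account

# Step 1: the "Add workstations to domain" user right (SeMachineAccountPrivilege)
# is granted in the Default Domain Policy through the Group Policy editor, as the
# answer describes. It is not scripted here.

# Step 2: delegate at domain level the right to create computer objects.
# CC;computer = create child objects of class computer (assumed equivalent of the
# wizard's result); /I:T applies the ACE to this object and its sub-objects.
dsacls $Domain.DistinguishedName /I:T /G "${Trustee}:CC;computer" | Out-Null

# Step 3: user management through the built-in Account Operators group.
Add-ADGroupMember -Identity 'Account Operators' -Members $Account

# Step 4: mailbox management through the Exchange Recipient Management role group.
Add-RoleGroupMember -Identity 'Recipient Management' -Member $Account

# Check: return every admin group the account belongs to, directly or through
# nesting. An empty result means the helpdesk account stayed out of all of them.
function Test-HelpdeskScope {
    param([string]$SamAccountName)
    $forbidden = 'Domain Admins', 'Administrators', 'Server Operators'
    $hits = @()
    foreach ($group in $forbidden) {
        $names = Get-ADGroupMember -Identity $group -Recursive |
                 ForEach-Object { $_.SamAccountName }
        if ($names -contains $SamAccountName) { $hits += $group }
    }
    $hits
}

$excess = Test-HelpdeskScope -SamAccountName $Account
if ($excess) {
    Write-Warning ("{0} is a member of: {1}" -f $Account, ($excess -join ', '))
} else {
    Write-Output ("{0} is not in any of the checked admin groups." -f $Account)
}
```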


Question has a verified solution.
