Solved

limit AD Helpdesk account

Posted on 2014-03-31
Last Modified: 2014-04-04
Hi,

I need to create an Active Directory user account that has the ability to join a PC to the domain, create user accounts and Exchange 2010 mailboxes.

What groups would the user need to be a part of?

We do not want the user to have full domain admin, or server admin. The account is for a helpdesk tech.

Thanks!
Question by:Encinitas
Accepted Solution

by:
Mahesh earned 75 total points
ID: 39967785
In the Default Domain Policy, grant the account the "add workstation to domain" user right.

Finally, use the Delegation of Control wizard at the domain.com level and give delegated permission to that account to join computers to the domain.

The above two permissions are required in order for that to work properly.

Also add the user to the Account Operators built-in group in Active Directory for user management.
This includes password reset, new account creation, adding and removing from groups, changing common attributes such as phone number, and so on.

Assign that account the Recipient Management role on the Exchange server to manage mailboxes.

Mahesh.
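
The steps in the accepted answer as commands, followed by a check that the account did not end up with full admin rights through group nesting. This is an added example, not part of the original answer; the account name `helpdesk1`, the NetBIOS name `DOMAIN` and the DN `DC=domain,DC=com` are hypothetical placeholders.

```powershell
# Added example (not from the original answer). Hypothetical names:
# account 'helpdesk1', NetBIOS domain 'DOMAIN', domain DN 'DC=domain,DC=com'.
Import-Module ActiveDirectory

$Account  = 'helpdesk1'
$DomainDN = 'DC=domain,DC=com'
$Trustee  = "DOMAIN\$Account"

# User right from the answer: set in the Group Policy editor under
# Computer Configuration > Policies > Windows Settings > Security Settings >
# Local Policies > User Rights Assignment. No ActiveDirectory cmdlet sets it.

# Delegation: grant Create Child (CC) for computer objects on the domain
# object and its sub-objects (/I:T), so the account can create computer accounts.
dsacls $DomainDN /I:T /G "${Trustee}:CC;computer"

# User management through the built-in group named in the answer.
Add-ADGroupMember -Identity 'Account Operators' -Members $Account

# Mailbox management: run this line in the Exchange Management Shell.
Add-RoleGroupMember -Identity 'Recipient Management' -Member $Account

# Check: list every group the account belongs to, including nested ones
# (LDAP_MATCHING_RULE_IN_CHAIN), and flag any full-admin group.
# Assumes the user DN has no characters that need LDAP filter escaping.
$Forbidden = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$User      = Get-ADUser -Identity $Account
$Filter    = "(member:1.2.840.113556.1.4.1941:=$($User.DistinguishedName))"
$Groups    = Get-ADGroup -LDAPFilter $Filter | Select-Object -ExpandProperty Name

$Hits = $Groups | Where-Object { $Forbidden -contains $_ }
if ($Hits) {
    Write-Warning "$Account is a member of: $($Hits -join ', ')"
} else {
    Write-Output "$Account effective groups: $($Groups -join ', ')"
}
```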