Solved

Active Directory - Ability to disable an account but not enable

Posted on 2014-04-24
4
1,259 Views
Last Modified: 2014-04-26
Hi EE

Does anyone know if there is a way to grant an account the ability to disable other AD accounts but not be able to enable accounts ?

I am in a 2003 domain functional level
0
Comment
Question by:MilesLogan
4 Comments
 
LVL 23

Accepted Solution

by:
Thomas Grassi earned 250 total points
ID: 40021735
You need to delegate a lot in order to do what you want

I found this that might guide you

http://briandesmond.com/blog/delegating-enable-disable-account-rights-in-active-directory/
0
 
LVL 12

Assisted Solution

by:Sandeep
Sandeep earned 250 total points
ID: 40022933
I am not sure if this can be achieved as with Delegate control you can grant permissions to modify the user settings which include the overall permission. There is no such specific permission set like disable or enable users in the Delegate control option.
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 40023934
Thanks for the info , yeah I didn't think it was possible ..
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40024283
Note: it would be possible if you moved those currently disabled accounts to an OU below the OU you are granting disable+enable permissions on if you disabled inheritance of permissions. We don't need to use the delegation of control wizard but ->properties ->security will do it.

Or what is your mission's objective? Grant rights to disable but keep the currently disabled ones from being enabled, no?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question