Solved

giving access to active directory to a manager

Posted on 2014-10-27
6
48 Views
Last Modified: 2015-04-09
Hi,

I want to give access to a manager to our active directory .... to only one group of users... so that he can unlock the accounts when they get locked out.

is there any plugin or software i can use for this purpose.

the manager is at our remote site location. Our environment is Windows server 2008 and Exchange Server 2010.

Thanks
0
Comment
Question by:o0JoeCool0o
6 Comments
 
LVL 27

Expert Comment

by:Dan McFadden
ID: 40406466
Here is link that describes "Delegating Control" of objects in AD.

Link:  http://support.microsoft.com/kb/294952

The article says to right-click on the domain, but you can also delegate down at the OU level.  So if all you users are under a specific OU, I would do this from there.  This way the person or group can only unlock accounts the are children of the location.  The delegate control wizard will walk you thru assigning the permission(s) you want to give out.

Dan
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40406468
No plugin or software needed, you can do this via ADSI Edit. See here for the steps: http://support2.microsoft.com/default.aspx?scid=kb;EN-US;279723
0
 
LVL 4

Author Comment

by:o0JoeCool0o
ID: 40406471
is there any app so that the manager can use on his phone to unlock accounts?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 27

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40406474
None that I know of.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40406490
AD HelpDesk Lite by IMPLBits.com for IOS devices
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40410608
yep Neil is right, I used AD Helpdesk for a long time. You do need a VPN connection or have wireless access to the lan when on site.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question