We help IT Professionals succeed at work.
Get Started

Active Directory - delegate control (WS2012R2)

Last Modified: 2015-08-04
Trying to get my head around delegation!
I have got an OU (sales) where I delegated access to a user (Fred) which is not part of the Domain admins.
I just want the user to be able to reset password or create user within this OU. All permissions set correctly.

The issue I am having is that I don't know how user (Fred) can login to AD & create those changes.
I tried login on to the server with Fred details but cannot.
I do get 2 errors while trying to login (by the way this is an hyper v DC)

1) The sign-in method you're trying to use isn't allowed. For more info contact your network administrator

or if trying via RDS

2) To sign in remotely, you need the right to sign through RDS, blah..
(as well as adding Fred though RDS group, he also has been added manually to the RDS on the server)

Not sure what I am missing or even why Fred cannot login to the server after being added manually to the remote access on the server.

Watch Question
Systems Administrator
This problem has been solved!
Unlock 1 Answer and 5 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE