Solved

Active Directory Administrative Permissions for Users Within OUs

Posted on 2016-07-19
3
74 Views
Last Modified: 2016-08-03
For a Windows 2008 functional level Active Directory, what bare minimum permissions are required to allow a user to be able to unlock other users in the same OU as that user?

Trying to test this out via PowerShell but would like to only give the user bare minimum rights.

Is there also a permission that can be added to allow the user to reset other user passwords (only within that same OU)?
0
Comment
Question by:GR JN
  • 2
3 Comments
 
LVL 11

Accepted Solution

by:
Old User earned 500 total points
ID: 41719870
0
 

Author Comment

by:GR JN
ID: 41721444
When using Method 2 (ADSI Edit) and pulling up the user (principal), it defaults to add a number of permissions. Are those required or can they be deselected (List contents, read all properties, read permission, and so on).

The article states that it only needs Read lockoutTime and Write lockoutTime so do not want to add more permissions that required for that user.
0
 

Author Comment

by:GR JN
ID: 41731291
?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question