Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Active Directory Administrative Permissions for Users Within OUs

Posted on 2016-07-19
3
Medium Priority
?
95 Views
Last Modified: 2016-08-03
For a Windows 2008 functional level Active Directory, what bare minimum permissions are required to allow a user to be able to unlock other users in the same OU as that user?

Trying to test this out via PowerShell but would like to only give the user bare minimum rights.

Is there also a permission that can be added to allow the user to reset other user passwords (only within that same OU)?
0
Comment
Question by:GR JN
  • 2
3 Comments
 
LVL 11

Accepted Solution

by:
Old User earned 2000 total points
ID: 41719870
0
 

Author Comment

by:GR JN
ID: 41721444
When using Method 2 (ADSI Edit) and pulling up the user (principal), it defaults to add a number of permissions. Are those required or can they be deselected (List contents, read all properties, read permission, and so on).

The article states that it only needs Read lockoutTime and Write lockoutTime so do not want to add more permissions that required for that user.
0
 

Author Comment

by:GR JN
ID: 41731291
?
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question