Active Directory Administrative Permissions for Users Within OUs
For a Windows 2008 functional level Active Directory, what bare minimum permissions are required to allow a user to be able to unlock other users in the same OU as that user?
Trying to test this out via PowerShell but would like to only give the user bare minimum rights.
Is there also a permission that can be added to allow the user to reset other user passwords (only within that same OU)?
When using Method 2 (ADSI Edit) and pulling up the user (principal), it defaults to adding a number of permissions. Are those required or can they be deselected (List contents, read all properties, read permission, and so on)?
The article states that it only needs Read lockoutTime and Write lockoutTime, so I do not want to add more permissions than required for that user.
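Added example, not part of the original thread: one way to script the delegation discussed above, granting only Read/Write lockoutTime on user objects under a single OU, and then listing every explicit ACE the delegate holds there so nothing extra slips in. It assumes the ActiveDirectory PowerShell module is available; the OU DN and account name are placeholders, and the Reset Password extended right (for the second question) is not taken from the article mentioned in the thread.

```powershell
# Added example. $ouDn and $delegate are placeholders, not values from the thread.
Import-Module ActiveDirectory
$ouDn     = 'OU=Staff,DC=example,DC=com'
$delegate = 'EXAMPLE\helpdesk1'

$rootDse = Get-ADRootDSE
function Get-SchemaGuid([string]$LdapName) {
    # Resolve the attribute/class GUID from the schema instead of hard-coding it.
    $o = Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    [guid]$o.schemaIDGUID
}
$lockoutTime = Get-SchemaGuid 'lockoutTime'
$userClass   = Get-SchemaGuid 'user'

# "Reset Password" is the User-Force-Change-Password extended right.
$rightsBase = "CN=Extended-Rights,$($rootDse.configurationNamingContext)"
$resetPwd   = [guid](Get-ADObject -SearchBase $rightsBase -LDAPFilter '(cn=User-Force-Change-Password)' -Properties rightsGuid).rightsGuid

$sidType = [System.Security.Principal.SecurityIdentifier]
$sid     = (New-Object System.Security.Principal.NTAccount($delegate)).Translate($sidType)
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
# Descendents: applies to objects below the OU, not to the OU object itself.
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$rpwp    = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$extRt   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$aces = @(
    # Unlock: read + write lockoutTime, scoped to user objects only.
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rpwp, $allow, $lockoutTime, $inherit, $userClass)),
    # Password reset: the single extended right, scoped to user objects only.
    (New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $extRt, $allow, $resetPwd, $inherit, $userClass))
)

$acl = Get-Acl -Path "AD:\$ouDn"
$aces | ForEach-Object { $acl.AddAccessRule($_) }
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Audit: explicit (non-inherited) ACEs held by the delegate on this OU.
# Expect exactly the two entries added above and nothing broader.
(Get-Acl -Path "AD:\$ouDn").GetAccessRules($true, $false, $sidType) |
    Where-Object { $_.IdentityReference -eq $sid } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

Drop the second ACE if only unlock is wanted; the audit at the end can be rerun at any time to confirm the delegate's rights on the OU have not grown.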