Solved

Active Directory Administrative Permissions for Users Within OUs

Posted on 2016-07-19
3
51 Views
Last Modified: 2016-08-03
For a Windows 2008 functional level Active Directory, what bare minimum permissions are required to allow a user to be able to unlock other users in the same OU as that user?

Trying to test this out via PowerShell but would like to only give the user bare minimum rights.

Is there also a permission that can be added to allow the user to reset other user passwords (only within that same OU)?
0
Comment
Question by:GR JN
  • 2
3 Comments
 
LVL 11

Accepted Solution

by:
Old User earned 500 total points
ID: 41719870
0
 

Author Comment

by:GR JN
ID: 41721444
When using Method 2 (ADSI Edit) and pulling up the user (principal), it defaults to add a number of permissions. Are those required or can they be deselected (List contents, read all properties, read permission, and so on).

The article states that it only needs Read lockoutTime and Write lockoutTime so do not want to add more permissions that required for that user.
0
 

Author Comment

by:GR JN
ID: 41731291
?
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now