Split from Delegating a user with reset password credentials

Home Forums Microsoft Networking and Management Services Active Directory Split from Delegating a user with reset password credentials

Viewing 1 post (of 1 total)
  • Author
  • Avatar

    I’ve found this post useful… I am hoping for some additional information on this topic though.

    What I was able to do is delegate control to a user and select the ‘Reset user passwords and force password change at next login’ That part works, what I am wondering is two things…

    First, is there a way to prevent changes to accounts in the Administrator or Domain Admin group?

    Second, trying to follow up on hammo’s Unlock and Reset accounts info, I don’t see these options… the properties only show a general tab for the users and for a new OU I created show General, Managed By and COM+ tabs.

    What I am trying to do is grant password reset and unlock privileges to 4 domain users, but ideally I wouldn’t want them to be able to change admin accounts.

    Running Server 2003 R2 Standard (can upgrade to enterprise edition if that would allow more control).

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.