Guest Special Access Posted October 11, 2007 Posted October 11, 2007 Hello again, I just got asked this question: They want to make a global group have the right to change passwords and unlock accounts for the members of a specific global group. I don't think this can be done unless you want to move the members of that group into a single OU and grant the necessary rights to the admins on that OU. I did some searching today on the MS site and found a couple KB articles that seem to confirm my thoughts, but I wanted to see if some ingenous person has found a way to do it. Thanks! Mike
Guest BJS1234 Posted October 11, 2007 Posted October 11, 2007 RE: Delegation to unlock account and reset passwords Hi, If i understand what you mean, all u need to is to put the accounts that need to be administered into the same OU, create a group for the Admins and set the group to have rights to change passwods, add them to the security list in the properties of that OU. I hope this is of use to you. Regards, Bola - Server Infrastructure Analyst -- nothing is impossible when you try! "Special Access" wrote: > Hello again, > > I just got asked this question: They want to make a global group have > the right to change passwords and unlock accounts for the members of a > specific global group. I don't think this can be done unless you want > to move the members of that group into a single OU and grant the > necessary rights to the admins on that OU. I did some searching today > on the MS site and found a couple KB articles that seem to confirm my > thoughts, but I wanted to see if some ingenous person has found a way > to do it. > > Thanks! > Mike >
Guest Special Access Posted October 12, 2007 Posted October 12, 2007 Re: Delegation to unlock account and reset passwords On Thu, 11 Oct 2007 03:36:00 -0700, BJS1234 <BJS1234@discussions.microsoft.com> wrote: >Hi, > >If i understand what you mean, all u need to is to put the accounts that >need to be administered into the same OU, create a group for the Admins and >set the group to have rights to change passwods, add them to the security >list in the properties of that OU. > >I hope this is of use to you. > >Regards, > >Bola - Server Infrastructure Analyst That is what I think needs to be done as well. Management wanted to see if we could restrict who they can administer by group rather than moving users to another (new) OU. I was hoping someone found a way to do it. Mike
Recommended Posts