Re: Resetting user passwords




On Tue, 13 Jan 2009 08:45:12 -0500, Tim Munro wrote:

To prevent each Local Admin from changing other OUs' user accounts, you
need to set up rights delegation at the OU level. I have done this and
it works very well.
For example:

dsacls ou=%OUPath% /I:S /G "%LocalAdminGroup%:CA;Reset Password;user"

Will grant the right to change passwords.

--
Tim.


"chris" <racerx@xxxxxxxxxxxxx> wrote in message
news:u8IplkWdJHA.3708@xxxxxxxxxxxxxxxxxxxxxxx
Greetings!

Here's the objective:

I would like to pass off resetting user passwords on user accounts to
the administrators of each site.

The administrators do not have domain admin access. All they should be
able to do is reset passwords, enable accounts, and disable accounts.

Each site is in its own OU along with the site's users.

Administrator from site A should not be able to see and access other
users from site B, C, D and so on.

Can this be scripted?

TIA

Chris

No no - you didn't read what I said. Each site admin does NOT have either
local or domain admin privs. They are just users.

I do know I can give them access via the OU as you mentioned however, I'm
looking for something easy for an end user to use to reset passwords for
the users in the same OU as the site admin.

Perhaps I misled you with site admin. Site meaning the physical
location. admin as in some user that has the ability to reset passwords
without any elevated access.
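
Added example (not part of the original thread or any poster's code): a PowerShell loop that applies the OU-level dsacls delegation discussed above to several site OUs, covering password reset plus enable/disable, and then lists the resulting ACEs for review. The OU distinguished names and group names are constructed placeholders, and treating a non-zero dsacls exit code as failure is an assumption.

```powershell
# Constructed sample data: one OU per site and the (non-admin) group that
# should manage only that site's users. Replace with real DNs and groups.
$sites = @{
    'OU=SiteA,DC=example,DC=com' = 'EXAMPLE\SiteA-PasswordAdmins'
    'OU=SiteB,DC=example,DC=com' = 'EXAMPLE\SiteB-PasswordAdmins'
}

# Rights granted on user objects only, in dsacls "perms;object;inherited type" form.
$grants = @(
    'CA;Reset Password;user',        # extended right from the thread: reset passwords
    'RPWP;userAccountControl;user'   # read/write the attribute holding the disabled flag
)

foreach ($ou in $sites.Keys) {
    $group = $sites[$ou]

    foreach ($right in $grants) {
        # /I:S = apply to sub-objects only, as in the command quoted in the thread.
        # ${group} is braced so PowerShell does not read "$group:" as a scope prefix.
        & dsacls.exe $ou /I:S /G "${group}:$right" | Out-Null

        # Assumption: dsacls reports failure through a non-zero exit code.
        if ($LASTEXITCODE -ne 0) {
            throw "dsacls failed on '$ou' while granting '$right' to '$group'"
        }
    }

    # Review step: show only the ACEs that now mention this site's group,
    # so an unexpected grant on the wrong OU is easy to spot.
    Write-Host "ACEs for $group on ${ou}:"
    & dsacls.exe $ou | Select-String -SimpleMatch $group
}
```

Because each group is granted rights only on its own OU, members of one site's group gain nothing on another site's users. Write access to userAccountControl covers the whole attribute, not only the disabled flag, so check that this is acceptable before delegating it.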