Re: Rights to unlock accounts: Set "read/write accountlockout" time, but option is still gray out
From: Marlon Brown (marlon_brown_at_hotmail.com)
Date: 11/30/04
- Next message: ChaChi: "Configure a Global Group to Be a Member of Local Administrator Gro"
- Previous message: Marlon Brown: "Rights to unlock accounts: Set "read/write accountlockout" time, but option is still gray out"
- In reply to: Marlon Brown: "Rights to unlock accounts: Set "read/write accountlockout" time, but option is still gray out"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Nov 2004 09:21:24 -0800
Never mind. I reapplied the setting and for whatever reason it works now.
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news:OHpEPCw1EHA.2180@TK2MSFTNGP10.phx.gbl...
> I need to allow helpdesk to 'unlock' accounts under a certain OU.
>
> This is a Win 2000 SP4 AD.
> I run the AD Users & Computers from my WinXPSP2 console. I follow the steps
> below, but when I log on as myhelpdeskguy and attempt to access the "account
> lockout" from a respective locked user account, the option is grayed out.
> Please note that the account I am trying to unlock is locked because I see
> the "account lockout" option checked.
>
> I run the below from a WinXPSP2 Users & Computers console connected to my
> DC1. I go back to the respective OU, Properties, Security tab and I
> confirm that the "read/write lockouttime" is checked. Still helpdesk folks
> can't unlock accounts.
>
> What am I missing here ?
>
>
>
> To delegate the right to a group or user:
> 1. Create the group or user account that you want to have the right to
>    unlock user accounts in Active Directory Users and Computers (for
>    example, Help Desk Admins).
> 2. Right-click the domain in Active Directory Users and Computers, and
>    then click Delegate Control from the menu that is displayed.
> 3. The Delegation of Control Wizard should be displayed. On the Welcome
>    dialog box, click Next.
> 4. On the Users and Groups dialog box, click Add. Select the group in the
>    list that you want to give the right to unlock accounts, and then click
>    OK. On the Users and Groups dialog box, click Next.
> 5. On the Tasks to Delegate dialog box, click Create a custom task to
>    delegate, and then click Next.
> 6. On the Active Directory Object Type dialog box, click Only the
>    following objects in the folder:. In the list, click User objects (the
>    last entry in the list), and then click Next.
> 7. On the Permissions dialog box, click to clear the General check box,
>    and then click to select the Property-specific check box. In the
>    Permissions list, click to select the Read lockoutTime check box, click
>    to select the Write lockoutTime check box, and then click Next.
> 8. On the Completing the Delegation of Control Wizard dialog box, click
>    Finish.
>
>
>
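The delegation from the quoted wizard steps, scoped to a single OU and followed by a check of which ACEs on that OU actually permit writing lockoutTime; this is an added example, not part of the original thread. The OU and group names are placeholders, and the verification half assumes the ActiveDirectory PowerShell module (RSAT), which is newer than the Windows 2000 environment in the post; the dsacls line on its own also works from the Support Tools.

```powershell
# Placeholder names (assumptions, not from the thread): substitute your own.
$ou    = 'OU=Staff,DC=example,DC=com'
$group = 'EXAMPLE\Help Desk Admins'

# Grant Read Property (RP) and Write Property (WP) on lockoutTime only.
# /I:S applies the ACE to child objects only; the trailing "user" limits
# inheritance to user objects, matching step 6 of the wizard.
dsacls $ou /I:S /G "${group}:RPWP;lockoutTime;user"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# --- Verification: who can write lockoutTime on users under this OU? ---
Import-Module ActiveDirectory

# Look up the attribute's schemaIDGUID from the schema instead of hard-coding it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC `
                     -LDAPFilter '(lDAPDisplayName=lockoutTime)' `
                     -Properties schemaIDGUID
$lockoutGuid = New-Object Guid (,[byte[]]$attr.schemaIDGUID)

$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

# An Allow ACE permits the unlock if it grants WriteProperty either on
# lockoutTime specifically or on all properties (empty ObjectType GUID).
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $write) -and
        ($_.ObjectType -eq $lockoutGuid -or $_.ObjectType -eq [guid]::Empty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights,
                  ObjectType, InheritanceType, IsInherited |
    Format-Table -AutoSize
```

Any identity in the output other than the intended help desk group is worth reviewing, since clearing lockoutTime is what unlocks an account.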