Re: Help with Delegation Wizard

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Marc (Marc_at_nospam.com)
Date: 03/05/04 

Date: Thu, 4 Mar 2004 19:10:42 -0500

Christoffer

The user I have delegated reset password to shows up in the security of the
OU but not in the security properties of the individual users in that OU. I
have to modify each single user setting and check off "Allow inheritable
permissions from the parent to propagate to this object"

The question now becomes how do I set that setting globally so that I do not
need to do each object individually and then have to remember to do each new
one?

Marc

Chriss3" <noSpamHere@chrisse.se> wrote in message
news:Os$ivxZAEHA.1796@TK2MSFTNGP12.phx.gbl...
> Have you done other changes to the ACL within the Directory as you know?
>
> Lets have a look the particular delegated users Effective Permissions at
an
> object in the Delegated OU.
>
> Right click one of the users in the OU that you that hi should be
available
> to rest the password for. Click Security Tab, and Click Advanced, then
Click
> the Effective Permissions Tab, Select the particular users you have
delegate
> the control to and se what you get in the list below.
>
> --
> Regards
> Christoffer Andersson
>
> No email replies please - reply in the newsgroup
>
> "Marc" <Marc@nospam.com> skrev i meddelandet
> news:%231EzNmZAEHA.3712@tk2msftngp13.phx.gbl...
> > Christoffer
> >
> > I checked the event logs on both DC's and all looks good. Added a line
to
> > the login script and the updated script replicated immediately.
> >
> > Marc
> >
> > "Chriss3" <noSpamHere@chrisse.se> wrote in message
> > news:eAV9xMZAEHA.2576@TK2MSFTNGP11.phx.gbl...
> > > Do you have more then once Domain Controller, this may can be a
> > replication
> > > problem.
> > >
> > > --
> > > Regards
> > > Christoffer Andersson
> > >
> > > No email replies please - reply in the newsgroup
> > >
> > > "Marc" <Marc@nospam.com> skrev i meddelandet
> > > news:%23fz8w%23YAEHA.3284@TK2MSFTNGP09.phx.gbl...
> > > > Chistoffer
> > > >
> > > > It does the same thing no matter how I try.
> > > >
> > > > Marc
> > > >
> > > > "Chriss3" <noSpamHere@chrisse.se> wrote in message
> > > > news:u92S3rYAEHA.1464@tk2msftngp13.phx.gbl...
> > > > > Mark if the particular user try to do so in AD Users and Computer
> for
> > an
> > > > > account in the delegated ou, dose same thing happen?
> > > > >
> > > > > --
> > > > > Regards
> > > > > Christoffer Andersson
> > > > >
> > > > > No email replies please - reply in the newsgroup
> > > > >
> > > > > "Marc" <Marc@nospam.com> skrev i meddelandet
> > > > > news:%239gy8jYAEHA.3456@TK2MSFTNGP09.phx.gbl...
> > > > > > Hi Christoffer
> > > > > >
> > > > > > Yes I set the Reset Password Right. Checked the advanced
> properties
> > to
> > > > > make
> > > > > > sure and it's there. It only works if I make him member a member
> of
> > > > > "Domain
> > > > > > Admins: or the local "Administrators" group.
> > > > > >
> > > > > > Anything else I can try?
> > > > > >
> > > > > > Regards
> > > > > > Marc
> > > > > >
> > > > > > "Chriss3" <noSpamHere@chrisse.se> wrote in message
> > > > > > news:uPC0QdYAEHA.1456@TK2MSFTNGP09.phx.gbl...
> > > > > > > Marc , Did you delegate the Rest Password right?
> > > > > > >
> > > > > > > Step-by-Step Guide to Using the Delegation of Control Wizard
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/delegsteps.asp
> > > > > > >
> > > > > > > --
> > > > > > > Regards
> > > > > > > Christoffer Andersson
> > > > > > >
> > > > > > > No email replies please - reply in the newsgroup
> > > > > > >
> > > > > > > "Marc" <Marc@nospam.com> skrev i meddelandet
> > > > > > > news:erDeZbYAEHA.2576@TK2MSFTNGP11.phx.gbl...
> > > > > > > > Hi All
> > > > > > > >
> > > > > > > > I am trying to delegate the function of changing passwords
to
> a
> > > non
> > > > > > > > administrator.I created a custom console containing the OU I
> > want
> > > > him
> > > > > to
> > > > > > > > manage, I ran the delegation wizard, saved the console,
> deployed
> > > it,
> > > > > and
> > > > > > > > when he tries to apply a password change, he gets access
> denied.
> > > > > > > >
> > > > > > > > What else need to happen for this to work?
> > > > > > > >
> > > > > > > > Any help would be appreciated.
> > > > > > > >
> > > > > > > > Thank You in advance
> > > > > > > >
> > > > > > > > Marc
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: problem delegating some user management power to a group
    ... What the Delegation Of Control Wizard dose is to modify the security for the ... >> You have to delegate the reset password right. ... >> Microsoft MVP - Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • [NEWS] DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... DeleGate is a multi-purpose ...
    (Securiteam)
  • Re: Delegation Assistance
    ... The attributes don't correspond to what you can delegate (or give ... You will need to edit the security ... >> After looking through the delegation on a user object it doesn't ...
    (microsoft.public.windows.server.active_directory)
  • Re: Root privilege (SOLVED)
    ... Upgrading those binaries is a potential security ... AFAICT sudo is actually plugging some of the holes mentioned in that ... It has logging and you can delegate specific tasks or even ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)