Re: Delegate Active Directory: can't change other password in delgated group

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: msbob69 (hothot_at_iname.com)
Date: 07/28/04

  • Next message: mn4az: "Re: GPO and Software Installation" 
    Date: 28 Jul 2004 13:33:09 -0700

    I am confused by this answer.

    I have Active Directory setup like this:

    MYAD
    ------MYOU
              ----user1
              ----Delegated1
              ----Delegated2

    ------Users
              ----user2
              ----user3
              ----Delegated Admin (group)

    I go to user and computers and delegate control for MYOU to a group
    named Delgated Admin which contains Delegated1 and Delegated2.

    I created a custom MMC so they can only reset passwords for MYOU.

    The Delegated Admin group can change user1 password. (correct)

    The Delegated Admin group does not have permission user2 and user3
    because they do not have permission. (correct)

    The Delegated1 get "permission denied" when trying to change
    Delegated2 password?

    If I pull delegated1 and 2 out of the MYOU they will not be able to
    see their username in the custom MMC. So how will they be able to
    change their passwords?

    MSBOB69

    "Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message news:<#Axr2FEdEHA.3380@TK2MSFTNGP12.phx.gbl>...
    > You'll have to pull them out of that OU...
    >
    > --
    > --
    > Brian Desmond
    > Windows Server MVP
    > desmondb@payton.cps.k12.il.us
    >
    > http://www.briandesmond.com
    >

  • Next message: mn4az: "Re: GPO and Software Installation"