RE: Reset user passwords permission
- From: Brian McCann <BrianMcCann@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 23 Jul 2005 20:47:01 -0700
Hi Carl,
When you go into look at the permission on the AD object click the Advanced
button and then select on one of the permissions that you delegated to this
new group. Take a look at where it says "Apply Onto". From what you said it
sounds like this is set to "This Object Only". It needs to be changed to
"This Object and all Child Objects"
Please let me know if that helps.
Brian McCann
www.AdminPrep.com
"Carl Thoreson" wrote:
> I have a group of administrators that I wish to grant access to have them be
> able to reset other users passwords and control group membership. I have
> created a global security group and added the users to the group. I have run
> the delegate control wizard and delegated the tasks of reset user passwords
> and force password change at next logon, read all user information, and
> modify the membership of a group. When I go to the security tab of the
> container, I see the group with the appropriate permissions. HOWEVER, the
> permissions are not propagating down to the individual users. If I check the
> security tab on any existing user, the group is not listed. If I create a
> new user in the container, the group is then listed on the security tab and
> the password can be reset.
>
> We have a mix of 2000 and 2003 Domain Controllers. The delegate control
> wizard was run on a 2003 server that is designated as the Operations Master,
> Schema Master, PDC emulator, etc.
>
> Any ideas?
.
- References:
- Reset user passwords permission
- From: Carl Thoreson
- Reset user passwords permission
- Prev by Date: Re: Is there any reader out there for Questions posted on this web.
- Next by Date: Re: Logon scripts won't run.
- Previous by thread: Reset user passwords permission
- Next by thread: Re: Reset user passwords permission
- Index(es):
