Re: Force password change permission
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Mon, 25 Jul 2005 21:53:05 -0400
That would have to be a bug in the GUI then. You only need WP to pwdLastSet to force an account to have to change its password (make it expired).
Write Account Restrictions gives far more rights than that, last I looked it gave you all of these
accountExpires msDS-User-Account-Control-Computed pwdLastSet userAccountControl userParameters
which is far more rights than reset password and force to change on next logon.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net
Todd J Heron wrote:
Nick wrote:
Hi there,
I'm having trouble delegating control of an OU to a user. I want this user to be able to reset passwords and force the user to change their password upon their next login. I've used the delegation control wizard to give the user these permissions, and the permissions appear correct in the ACL (has permission to reset password and to write pwdlastset) - the result is that although they can reset the password successfully, the 'user must change password upon next logon' checkbox is greyed out.
Any help is much appreciated!
Cheers, Nick
The user needs "Write Account Restrictions" to be able to make this happen. http://support.microsoft.com/default.aspx?scid=KB;en-us;296999
.
- References:
- Force password change permission
- From: Nick
- Re: Force password change permission
- From: Todd J Heron
- Force password change permission
- Prev by Date: Re: Proper RAID config?
- Next by Date: Re: Everyone can change password in 2003
- Previous by thread: Re: Force password change permission
- Next by thread: Is there a way to remove orphaned group policies??
- Index(es):
Relevant Pages
|
