Re: Force password change permission
- From: "SecAdmin" <SecAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 17 Aug 2005 07:36:01 -0700
Does anyone know where all these are documented?
"Joe Richards [MVP]" wrote:
> That would have to be a bug in the GUI then. You only need WP to pwdLastSet to
> force an account to have to change its password (make it expired).
>
> Write Account Restrictions gives far more rights than that, last I looked it
> gave you all of these
>
> > accountExpires
> > msDS-User-Account-Control-Computed
> > pwdLastSet
> > userAccountControl
> > userParameters
>
> which is far more rights than reset password and force to change on next logon.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Todd J Heron wrote:
> > Nick wrote:
> >
> >>Hi there,
> >>
> >>I'm having trouble delegating control of an OU to a user. I want this user
> >>to be able to reset passwords and force the user to change their password
> >>upon their next login. I've used the delegation control wizard to give the
> >>user these permissions, and the permissions appear correct in the ACL (has
> >>permission to reset password and to write pwdlastset) - the result is that
> >>although they can reset the password successfully, the 'user must change
> >>password upon next logon' checkbox is greyed out.
> >>
> >>Any help is much appreciated!
> >>
> >>Cheers,
> >>Nick
> >
> >
> > The user needs "Write Account Restrictions" to be able to make this happen.
> > http://support.microsoft.com/default.aspx?scid=KB;en-us;296999
> >
>
.
- Follow-Ups:
- Re: Force password change permission
- From: Joe Richards [MVP]
- Re: Force password change permission
- Prev by Date: Re: ADAM Replication of System Attributes
- Next by Date: Re: Delegation of computer's Location property
- Previous by thread: Mocing domains -Win2k domains
- Next by thread: Re: Force password change permission
- Index(es):
Relevant Pages
|
