Re: Account Operators accessing other account operators
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Fri, 10 Feb 2006 00:40:25 -0500
Not with acc ops.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Christian Lamparth wrote:
Hi Matt.
you can either delegate control to the OU by right click on the OU and choose delegage or you can assign spefic admin rights to a user/group in the default domain security settings/user rights assignment tab. good luck
"Matt" wrote:
We have a Windows 2003 (SP1) AD domain. Our helpdesk staff our aco*** operators and they can successfully manage the company's user accounts. They cannot access builtin accounts such as domain administrators (which I know is by design and is what I want).
However, and this is my problem, is that they cannot reset passwords or unlock the accounts of the other account operators. If a helpdesk staff locks their account the other helpdesk staff cannot unlock it; and they have to wait for me to do it (I'm a domain admin). I did read an article saying that this was by design since Windows 2000 SP4. However this is not particularly helpful to me.
I am being pushed to get this resolved and do not want to give them domain admin rights. Please can anyone help.
- References:
- Prev by Date: Re: Account Operators accessing other account operators
- Next by Date: Re: Account Operators accessing other account operators
- Previous by thread: Re: Account Operators accessing other account operators
- Next by thread: Install DC on the non secure server room.
- Index(es):
Loading
