Problem managing accounts in protected groups
- From: Steve <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Sep 2008 08:42:01 -0700
Before I ask my question, here is our basic setup:
We have a single Windows 2003 Domain. Within the domain there are two OUs
that contain users. OU A has users who DO NOT have desktop restictions
through GPOs and OU B is for users who DO HAVE some desktop restrictions. We
have created a new group called Account Management. This group contains users
in both OUs and should have permission to unlock accounts and reset
passwords. The permissions for this group have been applied to OU B and it
all works perfectly. The permissions for this group have also been applied to
OU A.
Here is the problem. Most members of OU A are either members of Domain
Admins or Backup Operators. Even after setting the permissions on the
AdminSDHolder container and having those permissions propagate to the
protected accounts, the Account Mangement group still cannot manage lockouts
or passwords for the users in the protected groups. Users in OU A who are not
in protected groups can be managed properly.
I know that there is a way to remove certain groups from being protected,
but I do not have permission to do that.
How can I get this group to be able to manage members of the protected groups?
I would appreciate suggestions for other things to try, or pointers in the
right direction. Thank you.
--
Technical Support is usually neither.
.
- Follow-Ups:
- Re: Problem managing accounts in protected groups
- From: Meinolf Weber
- Re: Problem managing accounts in protected groups
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: Problem managing accounts in protected groups
- From: Jorge de Almeida Pinto [MVP - DS]
- Re: Problem managing accounts in protected groups
- Prev by Date: Re: Logging Application Login attempts
- Next by Date: Re: Can't Sync with PDC server
- Previous by thread: GPO
- Next by thread: Re: Problem managing accounts in protected groups
- Index(es):
Relevant Pages
|
