Re: Problem managing accounts in protected groups
- From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Fri, 26 Sep 2008 21:02:30 +0200
Please read your own explanation again.
As I understand it, you have a collection of users in some group who are allowed to reset passwords of domain admin accounts and Backup Operators?
Am I missing something here or do you want non-domain admin users to reset the password of domain admin users?
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
"Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9C50CE59-58B6-4F16-B728-CE26DAD6F871@xxxxxxxxxxxxxxxx
Before I ask my question, here is our basic setup:
We have a single Windows 2003 Domain. Within the domain there are two OUs
that contain users. OU A has users who DO NOT have desktop restrictions
through GPOs and OU B is for users who DO HAVE some desktop restrictions. We
have created a new group called Account Management. This group contains users
in both OUs and should have permission to unlock accounts and reset
passwords. The permissions for this group have been applied to OU B and it
all works perfectly. The permissions for this group have also been applied to
OU A.
Here is the problem. Most members of OU A are either members of Domain
Admins or Backup Operators. Even after setting the permissions on the
AdminSDHolder container and having those permissions propagate to the
protected accounts, the Account Management group still cannot manage lockouts
or passwords for the users in the protected groups. Users in OU A who are not
in protected groups can be managed properly.
I know that there is a way to remove certain groups from being protected,
but I do not have permission to do that.
How can I get this group to be able to manage members of the protected groups?
I would appreciate suggestions for other things to try, or pointers in the
right direction. Thank you.
--
Technical Support is usually neither.