Re: Certain Accounts can only be unlocked by Domain Admins

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hello Steven,

What script do you mean? The AdminSdholder is a default configuration what shouldn't be changed.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Question:

If I run the vbscrip provided by Microsoft that should resolve the
issue, right?

Steven

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb662326d8cb9dce7d1c3ac0@xxxxxxxxxxxxxxxxxxxxxxx

Hello Steven,

Expected behaviour, because lower level users are not allowed to
unlock higher level ones or change them.

See here about AdminSDholder:
http://policelli.com/blog/?p=136
Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
To All:

Windows accounts with Domain Admins rights can only be unlocked by
Domain Admins.

Our Help Desk personnels can unlock any accounts but the ones with
Domain Admins rights.

Under security settings, the Help Desk has Full Control to User
objects, don't have the ability to unlock Domain Admin accounts.

I've read an article from MS about this issue, but unable to locate
it.

Any help would be greatly appreciated it.

Steven



.

Relevant Pages

  • Re: Certain Accounts can only be unlocked by Domain Admins
    ... Meinolf Weber ... unlock higher level ones or change them. ... Windows accounts with Domain Admins rights can only be unlocked by ...
    (microsoft.public.windows.server.active_directory)
  • Re: Certain Accounts can only be unlocked by Domain Admins
    ... If you have exact that issue use the hotfix provided at the top of the KB, ... unlock higher level ones or change them. ... Windows accounts with Domain Admins rights can only be unlocked by ...
    (microsoft.public.windows.server.active_directory)
  • Re: Certain Accounts can only be unlocked by Domain Admins
    ... I have 3 Domain Admins in our environment. ... If 1 or 2 of us are out on sick, vacation, sleeping etc and the only available DA account is locked, then the Help Desk has no access to unlock it. ... I need to find a solution where the Help Desk personnel has the ability to do so, unless you're telling that this is a "standard", in order to protect the A.D. infrastructure. ... Windows accounts with Domain Admins rights can only be unlocked by ...
    (microsoft.public.windows.server.active_directory)
  • Re: Certain Accounts can only be unlocked by Domain Admins
    ... Create an emergency domain admin account or use the administrator with a long strong password in an envelope for such cases. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... I have 3 Domain Admins in our environment. ... then the Help Desk has no access to unlock it. ...
    (microsoft.public.windows.server.active_directory)