Re: Can't anyone help me with this?
From: Alex (Yukon_at_nospam.nospam)
Date: 07/02/04
- Next message: Dan Hawker: "RE: Migrating to 2003 - Revisited - FAO Bob Qin"
- Previous message: Bob Qin [MSFT]: "Re: Can't anyone help me with this?"
- In reply to: Johnny Wright: "Re: Can't anyone help me with this?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 2 Jul 2004 23:29:13 +0800
Hi Johnny,
I suggest that you first pick an user object that is having the problem and
check on the ACL of that user object. Make sure that your helpdesk really
has those rights that you mentioned.
Best Regards,
Alex
"Johnny Wright" <lactoz@hotmail.com> wrote in message
news:%23zF1xW8XEHA.1356@TK2MSFTNGP09.phx.gbl...
> Bob
> Thank you for your reply.
>
> What I have done is to delegate the change password and reset password
> permission to our helpdesk. I first applied this at the domain level and
> when this did not work I then tried it at the user's OU level. Regardless
> of where the delegation was applied the helpdesk was unable to check the
> "change password at next logon" box or unlock an account that had been
> locked out.
>
> There are no error messages as the option to force a user to change a
> password or the option to unlock an account is simply grayed out. If I
made
> a helpdesk person a member of the Domain Admin group then the boxes were
> available and could be selected.
>
> This appears to only be happening on users that existed in our NT 4.0 SP6a
> domain. All of these users have been migrated to the Windows 2003 AD
domain
> using ADMT version 2. Our helpdesk is able to select the "change password
> at next logon" box and the "account is locked out" box on the new users
that
> are created in the AD domain.
>
> I hope I have answered all of your questions and look forward to your
> further reply.
>
> Johnny
>
>
> "Bob Qin [MSFT]" <bobqin@online.microsoft.com> wrote in message
> news:G0Tzn90XEHA.2352@cpmsftngxa06.phx.gbl...
> > Hi Johnny,
> >
> > Thanks for your posting here.
> >
> > Do you mean that you have delegate helpdesks to modify user account
> > attributes in ADUC, but they cannot perform the task in fact?
> >
> > What is the symptom? Any error message? Would you please let me know how
> > the helpdesks try to unlock accounts?
> >
> > Any screen captures would be better.
> >
> > Thank you,
> >
> > Bob Qin
> > Product Support Services
> > Microsoft Corporation
> >
> > Get Secure! - www.microsoft.com/security
> >
> > ====================================================
> > When responding to posts, please "Reply to Group" via your newsreader so
> > that others may learn and benefit from your issue.
> > ====================================================
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
>
>
- Next message: Dan Hawker: "RE: Migrating to 2003 - Revisited - FAO Bob Qin"
- Previous message: Bob Qin [MSFT]: "Re: Can't anyone help me with this?"
- In reply to: Johnny Wright: "Re: Can't anyone help me with this?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
