Account Operators

[Bill Bryson]

What are all the rights and privileges of an account
operator?

 

[IBTerry [MSFT]]

User and Group Accounts
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
topics/issues/W2kCCSCG/W2kSCGcd.asp

This group is only available on Windows 2000 servers acting Domain
Controllers. It allows its members to administer user and group accounts
for systems and domains. By default, Account Operators have permission to
create, modify, and delete accounts for users, groups, and computers in all
containers and organizational units (OUs) of Active Directory except the
Builtin container and the Domain Controllers OU. Account Operators do not
have permission to modify the Administrators and Domain Admins groups, nor
do they have permission to modify the accounts for members of those groups.

Hope this helps,

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Joe Richards [MVP]]

NB: On AD Domains (W2K+) these are directory permissions that can be
revoked. Under NT4 it was builtin permissions that couldn't be modified.