AD Administration

[Chris]

I remember in NT 4.0 you could create a group that had
only rights to unlock or reset a users password in the
user administration screen. Is there the same kind of
program or permissions in Windows 2000 AD. I am finding
that the support center is creating users accounts without
prior authorization when they are only supposed to be
using it for locked accounts or password changes.

 

[Matjaz Ladava [MVP]]

Look into Delegation of Control task in AD. In AD you can delegate a
particular user or groups a permission to do various tasks. You do this on
the OU level, by rightclicking on the OU and selecting delegate control. Of
course you have to organize your AD structure into Organizational Units (OU)
to reflect your AD administration and organization structure.

--

Regards
Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Chriss3]

Step-by-Step Guide to Using the Delegation of Control Wizard
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/delegsteps.asp
--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup