H
HC
Hi,
I recently tried to delegate a 'domain user' to unlock
account and reset password of another account which
has the builtin 'Administrator' membership. I did not
use the delegation wizard but instead, I configured the
read/write lockout time & reset password properties
in the Security tab.
Within an hour after replication had taken place I realised
that the delegation properties I had configured earlier
disappeared.
I tried this a few more times but success was to no avail.
I have a hunch that AD does not allow a standard domain
user to be delegated to unlock or reset accounts which
have the Administrator membership as this would defeat
the purpose of security within Windows 2000.
Has anyone tried this?? Can someone please prove that
this is the case.
Thanks in advance.
HC
I recently tried to delegate a 'domain user' to unlock
account and reset password of another account which
has the builtin 'Administrator' membership. I did not
use the delegation wizard but instead, I configured the
read/write lockout time & reset password properties
in the Security tab.
Within an hour after replication had taken place I realised
that the delegation properties I had configured earlier
disappeared.
I tried this a few more times but success was to no avail.
I have a hunch that AD does not allow a standard domain
user to be delegated to unlock or reset accounts which
have the Administrator membership as this would defeat
the purpose of security within Windows 2000.
Has anyone tried this?? Can someone please prove that
this is the case.
Thanks in advance.
HC