Exact Permissions to Change/Reset Pwd

  • Thread starter Thread starter PMasters
  • Start date Start date
P

PMasters

Hi,

I am working with an application that resets/changes
passwords in Active Directory. Unfortunately all I can
determine is Full Control is the only thing that works. I
have tried to specify, read/write, and Change pwd, and
reset pwd, but to no avail.
Anyone know exact permission in AD to an OU that is
required to reset/set/change say a Post Expired password..

thanks,
pm
 
One way to find out what permissions are needed is to use delegate control
wizard on OU and select Reset Password. This will modify security settings
on OU for particular user that you delegated rights to. Examine security
settings and you will see what rights are needed. As I checked, this wizard
does set following rights on User Object:
- Reset Password User Right
- Read pwdLastSet
- Write pwdLastSet

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), MVP
(e-mail address removed)
http://ladava.com
 
Back
Top