Hi Chris,
To delegate the right to a group or user:
1. Create the group or user account that you want to have the right to
unlock user accounts in Active Directory Users and Computers (for
example, Help Desk Admins).
2. Right-click the domain in Active Directory Users and Computers, and then
click Delegate Control from the menu that is displayed.
3. The Delegation of Control Wizard should be displayed. On the Welcome
dialog box, click Next.
4. On the Users and Groups dialog box, click Add. Select the group in the
list that you want to give the right to unlock accounts, and then click OK.
On the Users and Groups dialog box, click Next.
5. On the Tasks to Delegate dialog box, click "Create a custom task to
delegate", and then click Next.
6. On the "Active Directory Object Type" dialog box, click "Only the
following objects in the folder:". In the list, click "User objects" (the
last entry in the list), and then click Next.
7. On the Permissions dialog box, click to clear the General check box, and
then click to select the Property-specific check box. In the Permissions
list, click to select the "Read lockoutTime" check box, click to select the
"Write lockoutTime" check box, and then click Next.
8. On the "Completing the Delegation of Control Wizard" dialog box, click
Finish.
Thanks for using Microsoft News Group!
Sincerely,
Steven Liu
Microsoft Online Partner Support
MCSE 2000
Get Secure! -
www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
