clymans
Joined: 12 Jan 2006
Posts: 1
Posted: Thu Jan 12, 2006 9:55 pm
Post subject: Delegating Unlock Permissions

I know this has been discussed to death on many different boards, but I can't seem to get it to work correctly.
This is a Win2k3 SP1 AD with WinXPSP2 clients. AD is running in Native mode.
I have assigned a helpdesk staff group the rights to reset passwords and to read and write to lockouttime so that they can unlock an account and reset the password if necessary. When I open the ADUC GUI and review the security on the OU, the group shows up under Security with special permissions. I have reviewed the permissions under the advanced area and they show correctly. When the users go to the properties of a user in this OU they are able to manipulate the password, but they cannot unlock a user. The text and checkbox are muted and unclickable. On the same tab, they can successfully expire the password and force the user to change it at next logon. I have assigned the rights directly to individual users with the same results.
I have read the MS support article that discusses how to do this and also looked at many posts and numerous articles that all seem to point to the exact things that I have done. Any ideas on what I am missing or what might cause this behavior?