Hi, I need to allow a few users to remotly access domain controler, but the only thing that they should be allowed to do for now is to reset passwords. Does anyone have an idea on how to do that? Thanks!
This conversation is currently closed to new comments.
in Active directory Users and Computers. Look under the Action drop-down.
Highlight the OU in question (where they are aloowed to do it), open the wizard, select the group of users to who you wish to give password-chage permission (who is allowed to do it), check "Reset user passwords and force password change at next logon" (what they are allowed to do) and that's that. The wizard will add the correct three permissions.
Delegate control part works great, thanks! As you can see, i'm a beginer... Now i have a different problem... what is the best way to allow them remote access to domain controler? We ussually use -My computer\ properties\ Remote\ Select remote users option, but that doesn't seem to work for them... Maybe through user rights assignment? or some third option... ?
they can't login via remote desktop connection until i put them in administrators group... but when i do that, the delegate control option doesn't have any effect... they can do everything...
They should be able to change the passwords using Active Directory Users and Computers from the Windows admin tools or you can set up a custom MMC by running mmc, adding the AD elements in File | Add Snap-in and add the AD snap-in. You can then navigate to the OU that the uses are in and save the options for the users who you're giving rights to.
Have a play with MMC and post again if you have issues.
But it would be perfect if I could make it so that they can access remotly AND just reset passwords... I didn't explain, those users will be in charge of password reseting for now, until they get to know AD a little better... eventually , they will be doing much more than that...
Collapse -
what's with the remote access? no remote access needed
How else can I access Active Directory? We only access localy (directly on the server) and remotly (using remote desktop connection). I know, i'm new at this... So be patient :) Or if you have any links that could help me...
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Active Directory related problem
I need to allow a few users to remotly access domain controler, but the only thing that they should be allowed to do for now is to reset passwords. Does anyone have an idea on how to do that?
Thanks!