Delegate Permission in Windows 2003

By jtra ·

I have been trying to delegate permission to a user to have "unlock locked accounts rights". I right-clicked on the OU in question in AD and chose Delegate Wizard, then went through and completed the entire process. However, the user is still NOT able to unlock locked accounts or reset passwords in AD (we have tried both on the DC and with Adminpak installed locally on his PC). He gets "Insufficient rights to perform the operation" when attempting to unlock/reset a user account.

Is there anything else I should have done for it to work? Please assist. Your help is urgently needed.

Thank you


by ewgny In reply to Delegate Permission in Wi ...

Don't delegate to a specific user; delegate to a group that you create instead. It will be easier to manage the members of an "unlock user" group.

The following script makes it easy once control is delegated, and also to test your delegation


by jtra In reply to Delegate Permission in Wi ...

Thanks for the response. I have tried exactly as suggested in the Microsoft Technote. Unfortunately, I am still getting the same error message "Insufficient rights to perform the operation". Any ideas?



by BFilmFan In reply to Delegate Permission in Wi ...

Is the user account that is attempting to be unlocked in that OU container?

Have you gone into the advanced rights section and checked to make sure that he did get the correct permissions? Unless you assigned full control of the OU to the user, they often do not receive the correct rights to unlock an account.

Have you tried adding the user to the Account Operators group? Account Operators has the built-in permissions to unlock user accounts.
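
The two checks asked about in the reply above (is the locked account inside the delegated OU, and did the delegate actually receive the rights), as an added example that is not part of the original thread. It assumes a management host with the ActiveDirectory PowerShell module that can reach the domain; the OU, group and account names are constructed placeholders.

```powershell
# Added example; the three values below are constructed placeholders.
Import-Module ActiveDirectory
$OuDn      = 'OU=Staff,DC=example,DC=com'   # OU where control was delegated
$Delegate  = 'EXAMPLE\Unlock Users'         # group that received the delegation
$TargetSam = 'locked.user'                  # account the delegate cannot unlock

# Well-known schema GUIDs
$LockoutTime   = [guid]'28630ebf-41d5-11d1-a9c1-0000f80367c1'  # lockoutTime attribute
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # Reset Password extended right
$UserClass     = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # user object class
$Any           = [guid]::Empty                                 # ACE not limited to one type

# Check 1: is the target account below the delegated OU?
$user = Get-ADUser -Identity $TargetSam
$inOu = $user.DistinguishedName.EndsWith(",$OuDn", [StringComparison]::OrdinalIgnoreCase)

# Check 2: Allow ACEs on the OU for the delegate that are inherited by user objects
$aces = (Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
    $_.IdentityReference.Value -eq $Delegate -and
    $_.AccessControlType -eq 'Allow' -and
    $_.InheritanceType -ne 'None' -and
    $_.InheritedObjectType -in $UserClass, $Any
}

# Unlocking needs Write Property on lockoutTime (or on all properties)
$canUnlock = [bool]($aces | Where-Object {
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty) -and
    $_.ObjectType -in $LockoutTime, $Any })

# Resetting a password needs the Reset Password extended right (or all extended rights)
$canReset = [bool]($aces | Where-Object {
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    $_.ObjectType -in $ResetPassword, $Any })

[pscustomobject]@{
    TargetInDelegatedOu = $inOu
    WriteLockoutTime    = $canUnlock
    ResetPasswordRight  = $canReset
}
```

If all three values are true and the operation still fails, compare the ACL on the user object itself, since an object with inheritance disabled does not receive the OU's ACEs.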
