RE: [ActiveDir] Distributing AD responsibility

This is definitely doable; however, you may consider using some sort of proxy system to do it so you can answer the question of who did it and when as those questions come up.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss
Sent: Monday, September 26, 2005 11:15 AM
To: Active Directory Admin Issues; ActiveDir@mail.activedir.org; NT System Admin Issues
Subject: [ActiveDir] Distributing AD responsibility

We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so, how are you going about doing it?

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Distributing AD responsibility

Jorge answered the how part. To answer the other part of your question, yes, this is a very common scenario.

Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss
Sent: Monday, September 26, 2005 11:15 AM
To: Active Directory Admin Issues; ActiveDir@mail.activedir.org; NT System Admin Issues
Subject: [ActiveDir] Distributing AD responsibility

We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so, how are you going about doing it?

RE: [ActiveDir] Distributing AD responsibility

Delegate the right/permission to the directors on the OU the users are in.

To reset user passwords you need the "Reset Password" extended right on the user object. This is also available through the Delegation of Control wizard using the common delegated task "Reset a user account's password".

If you want to reset user passwords and force a password change at next logon, you need the "Reset Password" extended right on the user object and you need Read/Write permissions on the attribute "pwdLastSet". This is also available through the Delegation of Control wizard using the common delegated task "Reset user passwords and force password change at next logon".

Jorge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Gauss
Sent: Monday, September 26, 2005 17:15
To: Active Directory Admin Issues; ActiveDir@mail.activedir.org; NT System Admin Issues
Subject: [ActiveDir] Distributing AD responsibility

We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so, how are you going about doing it?
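
The delegation described in Jorge's reply, applied from the command line with dsacls and then checked by reading the OU's ACL. This is an added example, not part of the original thread; the OU, domain and group names are constructed placeholders, and it assumes the RSAT tools (dsacls and the ActiveDirectory PowerShell module) are installed.

```powershell
# Added example. $ou and $group are constructed placeholders, not values from the thread.
$ou    = 'OU=Sales,DC=example,DC=com'   # hypothetical OU holding one department's users
$group = 'EXAMPLE\Sales-Directors'      # hypothetical group containing that department's director

# 1. Grant the "Reset Password" extended right (CA = control access).
#    /I:S applies the entry to descendant objects only; ";user" limits it to user objects.
dsacls $ou /I:S /G "${group}:CA;Reset Password;user"

# 2. Grant read/write on pwdLastSet so the delegate can also force
#    "user must change password at next logon".
dsacls $ou /I:S /G "${group}:RPWP;pwdLastSet;user"

# 3. Review the result: list every trustee holding either grant on this OU.
#    Delegating to a group per OU keeps the scope to that department's users only.
Import-Module ActiveDirectory
$resetPwd   = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # Reset Password extended right
$pwdLastSet = [guid]'bf967a0a-0de6-11d0-a285-00aa003049e2'  # pwdLastSet attribute

(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.ObjectType -in $resetPwd, $pwdLastSet } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType,
                  InheritanceType, IsInherited |
    Sort-Object IdentityReference |
    Format-Table -AutoSize
```

The review step only shows entries that name these two GUIDs explicitly; trustees with Full Control or all extended rights on the OU can also reset passwords and will not appear in this list.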

[ActiveDir] Distributing AD responsibility

We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so, how are you going about doing it?