List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Distributing AD responsibilty

Prev Next

You are not authorized to post a reply.

Author

Messages

AD00000792 User is Offline

Posts:0

09/26/2005 3:26 AM
We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so how are you going about doing it? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

ZJORZ

Posts:133

09/26/2005 3:33 AM
Delegate the right/permission to the directors on the OU where the users are in. To reset user passwords you need the "Reset Password" extended right on the user object. This is also available through the delegation of control wizard using the common delegated task "Reset a user account's password" If you want to reset user passwords and force password change at next logon you need the "Reset Password" extended right on the user object and you need Read/Write permissions on the attribute "pwdLastSet". This is also available through the delegation of control wizard using the common delegated task "Reset user passwords and force password change at next logon" Jorge -----Original Message----- From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Craig Gauss Sent: Monday, September 26, 2005 17:15 To: Active Directory Admin Issues; ActiveDir@xxxxxxxxxxxxxxxxxx; NT System Admin Issues Subject: [ActiveDir] Distributing AD responsibilty We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so how are you going about doing it? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

bdesmond

Posts:416

09/26/2005 5:25 AM
Jorge answered the how part. To answer the other part of your question, yes, this is a very common scenario. Thanks, Brian Desmond brian@xxxxxxxxxxxxxxxx c - 312.731.3132 -----Original Message----- From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Craig Gauss Sent: Monday, September 26, 2005 11:15 AM To: Active Directory Admin Issues; ActiveDir@xxxxxxxxxxxxxxxxxx; NT System Admin Issues Subject: [ActiveDir] Distributing AD responsibilty We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so how are you going about doing it? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

listmail

Posts:497

09/26/2005 8:05 AM
This is definitely doable, however you may consider using some sort of proxy system to do it so you can answer the question who did it and when as those questions come up. -----Original Message----- From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Craig Gauss Sent: Monday, September 26, 2005 11:15 AM To: Active Directory Admin Issues; ActiveDir@xxxxxxxxxxxxxxxxxx; NT System Admin Issues Subject: [ActiveDir] Distributing AD responsibilty We are looking at making the department directors here a little more responsible for their users. We are thinking about allowing them to have the rights to change passwords. Is anyone else doing this? If so how are you going about doing it? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Distributing AD responsibilty

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads