| Author | Messages | |
Patrick
Posts:35
 | | 06/16/2010 5:45 AM |
| What would cause a password change delegation applied at the domain level
for the helpdesk staff to change some passwords but not others?
I have researched this at nausium and still no solution!
I do not want to add them to the account administrators group
regards all
| | | |
| RickSheikh
Posts:373
| | 06/16/2010 6:07 AM |
| For those that they are not able to, is inheritance being properly
propagated ?
On Tue, Jun 15, 2010 at 11:43 PM, Patrick Paul <patrickp@batelnet.bs> wrote:
> What would cause a password change delegation applied at the domain level
> for the helpdesk staff to change some passwords but not others?
> I have researched this at nausium and still no solution!
> I do not want to add them to the account administrators group
>
> regards all
>
| | | |
| ZJORZ
Posts:363
| | 06/16/2010 6:09 AM |
| I assume you are talking about "Password Reset" and not "Password Change"
Delegated permissions at container level are not inherited by objects that
are or have been members of protected groups. When you enable inheritance
again you will see about after an hour that setting is removed again. That's
the PDC doing that and configuring those accounts with the permissions
configured on adminSDholder
Also see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/05/16/981.aspx
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
Ing. Jorge de Almeida Pinto
Senior Technical Consultant
MVP Identity & Access - Directory Services
( <https://mvp.support.microsoft.com/profile/jorge1> MVP Profile) (
<http://blogs.dirteam.com/blogs/jorge/default.aspx> Blog)
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
From: activedir-owner@mail.activedir.org
[mailto:activedir-owner@mail.activedir.org] On Behalf Of Patrick Paul
Sent: Wednesday, June 16, 2010 06:44
To: activedir@mail.activedir.org
Subject: [ActiveDir] Delegation
What would cause a password change delegation applied at the domain level
for the helpdesk staff to change some passwords but not others?
I have researched this at nausium and still no solution!
I do not want to add them to the account administrators group
regards all
| | | |
| Patrick
Posts:35
| | 06/16/2010 7:23 AM |
| Yes!
How could I double chk that?
On Wed, Jun 16, 2010 at 1:06 AM, Rick Sheikh <ricksheikh@gmail.com> wrote:
> For those that they are not able to, is inheritance being properly
> propagated ?
>
>
> On Tue, Jun 15, 2010 at 11:43 PM, Patrick Paul <patrickp@batelnet.bs>wrote:
>
>> What would cause a password change delegation applied at the domain level
>> for the helpdesk staff to change some passwords but not others?
>> I have researched this at nausium and still no solution!
>> I do not want to add them to the account administrators group
>>
>> regards all
>>
>
>
| | | |
| Patrick
Posts:35
| | 06/16/2010 7:37 AM |
| You are correct in your assumption - Password Reset
On Wed, Jun 16, 2010 at 2:22 AM, Patrick Paul <patrickp@batelnet.bs> wrote:
> Yes!
> How could I double chk that?
>
> On Wed, Jun 16, 2010 at 1:06 AM, Rick Sheikh <ricksheikh@gmail.com>wrote:
>
>> For those that they are not able to, is inheritance being properly
>> propagated ?
>>
>>
>> On Tue, Jun 15, 2010 at 11:43 PM, Patrick Paul <patrickp@batelnet.bs>wrote:
>>
>>> What would cause a password change delegation applied at the domain level
>>> for the helpdesk staff to change some passwords but not others?
>>> I have researched this at nausium and still no solution!
>>> I do not want to add them to the account administrators group
>>>
>>> regards all
>>>
>>
>>
>
| | | |
| RickSheikh
Posts:373
| | 06/16/2010 2:42 PM |
| http://www.shariqsheikh.com/blog/index.php/200908/use-powershell-to-look-up-admincount-from-adminsdholder-and-sdprop/
On Wed, Jun 16, 2010 at 1:36 AM, Patrick Paul <patrickp@batelnet.bs> wrote:
> You are correct in your assumption - Password Reset
>
>
> On Wed, Jun 16, 2010 at 2:22 AM, Patrick Paul <patrickp@batelnet.bs>wrote:
>
>> Yes!
>> How could I double chk that?
>>
>> On Wed, Jun 16, 2010 at 1:06 AM, Rick Sheikh <ricksheikh@gmail.com>wrote:
>>
>>> For those that they are not able to, is inheritance being properly
>>> propagated ?
>>>
>>>
>>> On Tue, Jun 15, 2010 at 11:43 PM, Patrick Paul <patrickp@batelnet.bs>wrote:
>>>
>>>> What would cause a password change delegation applied at the domain
>>>> level for the helpdesk staff to change some passwords but not others?
>>>> I have researched this at nausium and still no solution!
>>>> I do not want to add them to the account administrators group
>>>>
>>>> regards all
>>>>
>>>
>>>
>>
>
| | | |
|
|