Active Directory: How to delegate the right to unlock accounts?


This procedure gives a user the right to unlock accounts in an OU or domain WITHOUT giving any other administrative rights. Here is how to do it:

  1. Right-click the OU or domain in the Active Directory Users and Computers console and select Delegate Control from the context menu.
  2. Click Next on the Welcome dialog.
  3. Click Add to select the user or group and click OK.
  4. Click Next.
  5. Select Create a custom task to delegate and click Next.
  6. Select Only the following objects in the folder. In the list, check User objects and click Next.
  7. Clear the General checkbox and check the Property-specific box.
  8. Check both the Read lockoutTime and Write lockoutTime boxes, then click Next and Finish.
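
The same delegation can be scripted and then checked. The PowerShell below is an added example, not part of the original post: it grants Read/Write lockoutTime on descendant user objects and then lists every ACE on the OU that allows writing lockoutTime. The OU path and the group name are placeholders, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example. Placeholders (assumptions): the OU path and the delegate group name.
Import-Module ActiveDirectory

$ouDn      = 'OU=Staff,DC=example,DC=com'   # placeholder OU
$groupName = 'Helpdesk-Unlock'              # placeholder delegate group

# Resolve the schemaIDGUIDs from this forest's schema instead of hardcoding them.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $o = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$LdapName)" `
                      -Properties schemaIDGUID
    if (-not $o) { throw "Schema object '$LdapName' not found" }
    [guid]$o.schemaIDGUID
}
$lockoutGuid = Get-SchemaGuid 'lockoutTime'   # the property being delegated
$userGuid    = Get-SchemaGuid 'user'          # limits the ACE to user objects

$sid  = (Get-ADGroup -Identity $groupName).SID
$path = "AD:\$ouDn"
$acl  = Get-Acl -Path $path

# Read + Write on lockoutTime only, inherited by descendant user objects
# (matches "Only the following objects in the folder: User objects").
$rights = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
    $sid,
    $rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $lockoutGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userGuid)
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

# Review: every ACE on the OU that is specific to lockoutTime and allows writing it.
$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
(Get-Acl -Path $path).Access |
    Where-Object { $_.ObjectType -eq $lockoutGuid -and
                   ($_.ActiveDirectoryRights -band $write) } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType,
                  InheritedObjectType, IsInherited
```

The review query only shows ACEs scoped to lockoutTime; principals holding broader rights on the OU, such as write access to all properties or Full Control, can also unlock accounts and will not appear in it.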
