Active Directory delegation issue

Hi guys,

So, I have home lab set up with Windows Server 2008R2. I've created a bunch of users. I also set a group for help desk. In that group I added one of the users as members which I will be using to delegate limited administrative abilities.

I then went into the User Accounts OU where all the users were set up. I right clicked and hit delegate control to the Help Desk group. I set the capabilities to only reset password and force change at logon. I double checked the permissions of that OU for Help Desk and it is set properly.

The issue is, when I log on to the server as that particular user, I can not reset the password for anyone of the users in that OU. I get an access denied error. I went back and traced my steps. I even made sure that help desk was not part of any group in itself where there could be conflicts. Any idea what can be causing this? Any suggestions are appreciated. Thanks in advance.

0 Comments   [ + ] Show comments

Answers (1)

Posted by: apr11682 10 years ago
White Belt

Nevermind. I was able to figure it out. Inheritance from the parent object was removed from the child. So that explicit permission was driving me mad for a couple days.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ