Monday, October 7, 2013

Delegate Control in AD to grant permissions to reset passwords and unlock accounts

To Delegate Control to Reset Passwords:

1. Open Active Directory Users and Computers

2. Click on View and select Advanced Features

3. Select the OU where you want to delegate a user or group

4. Right Click and select Delegate Control (and click Next on the Welcome page)

5. Add the required Username or Group and click Next

6. Tick the box “Reset user passwords and force password change at next logon” and click Next

7. Click Finish

To Delegate Control to Unlock Accounts:

1. Follow Steps 1-5 from the above list.

2. Select “Create a custom task to delegate” and click Next

3. Select “Only the following Objects in the folder” and tick the “User object” box and select Next

4. Untick the “General” box and tick the “Property-specific” box. Select the “Read lockoutTime” and “Write lockoutTime” options

5. Click Next and then Finish.
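
To confirm what both procedures above actually granted, and to spot any other principal that can already reset passwords or unlock accounts in the same OU, the OU's ACL can be read back with PowerShell. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, and the OU distinguished name is a placeholder to replace with your own.

```powershell
# Added example: list Allow ACEs on an OU that let a principal reset
# passwords or unlock user accounts beneath it.
Import-Module ActiveDirectory

$OuDn = 'OU=Staff,DC=example,DC=com'   # placeholder OU, replace with yours

# Well-known GUIDs for the rights the two delegation tasks write.
$Targeted = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (extended right)'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet (force change at next logon)'
    '28630ebf-41d5-11d1-a9c1-0000f80367c1' = 'lockoutTime (unlock account)'
}
$UserClass = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'   # user object class
$Empty     = [guid]::Empty

# Rights that cover reset/unlock when the ACE is not scoped to one attribute.
$Broad = [System.DirectoryServices.ActiveDirectoryRights]'ExtendedRight, WriteProperty'

(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.InheritanceType   -ne 'None'  -and           # must flow to child objects
        ($_.InheritedObjectType -eq $UserClass -or
         $_.InheritedObjectType -eq $Empty)
    } |
    ForEach-Object {
        $key = $_.ObjectType.ToString()
        $why = if ($Targeted.ContainsKey($key)) {
                   $Targeted[$key]
               } elseif ($_.ObjectType -eq $Empty -and
                         ($_.ActiveDirectoryRights -band $Broad)) {
                   'Broad right (all properties / all extended rights)'
               }
        if ($why) {
            [pscustomobject]@{
                Principal = $_.IdentityReference
                Grants    = $why
                Rights    = $_.ActiveDirectoryRights
                Inherited = $_.IsInherited
            }
        }
    } |
    Sort-Object Principal, Grants |
    Format-Table -AutoSize
```

Rows with `Inherited` set to `False` were set directly on this OU, which is where the wizard's entries for the delegated user or group should appear; broad-right rows show principals that hold the same capability without an explicit delegation.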