I have a 2003 AD at a customers but am not there that often. I need to create a Security Group in the AD and give members of this group the ability to unlock other user's accounts and reset their passwords. Those are the only two things I want them to be able to do.

   These specfic users are running XP Professional workstations and I have installed the 2003 Administrative Tools to their computers for they have access to the AD. I tried this long, long ago and had to give them Administrator rights to the Domain. I want to try again to give them just the unlock and reset password rights.

asked 12/07/2011 01:11

jimbecher's gravatar image

jimbecher ♦♦

3 Answers:
This can be accomplished using the delegation of permissions wizard.


xxdcmast's gravatar image


To unlock user --> This article may be for win2000, but it still is relevant for new versions of windows. --> This will help to grant users permission to change password.

answered 2011-12-07 at 09:35:22

santhoshu's gravatar image


  I am going to start one at a time. The Delegation of Permissions seems like a simple way to do it but... it doesn't seem to work. I right clicled on the domain (wcc.local) and deligated the reset password permissions to the security group "ITAdminHelpers". I then got on on of the XP workstations as one of the users in the "ITAdminHelpers" group and tried changing my password. I got "Access Denied". I guess one question I have about the delegation process is "where can I see what I delegeated"? Maybe it didn't take?????

answered 2011-12-07 at 09:38:11

jimbecher's gravatar image


Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments


Asked: 12/07/2011 01:11

Seen: 345 times

Last updated: 12/09/2011 12:26