To delegate the right to unlock user accounts at the OU or domain level in ADUC, you can use the AD delegation wizard.
Perform the following steps.
1. Open “Active Directory Users and Computers”.
2. Right-click the Organizational Unit or domain in “Active Directory Users and Computers”. From the context menu, select “Delegate Control”.
3. Click Next on the Welcome dialog box.
4. Click “Add” to select the user/group to which the right will be assigned.
   Type the name of the user or group you want to add and click the “Check Names” button to verify it.
5. Select the 2nd radio button, “Create a custom task to delegate”, and click Next.
6. Select the 2nd option, which is “Only the following objects in the folder”. Select “User objects” in the list, and click Next.
7. Select the “Property-specific” checkbox and ensure that only this checkbox is selected.
   In the Permissions list, check “Read lockoutTime” and “Write lockoutTime”, and click Next.
8. Click Finish to close the wizard.
You have now delegated the right to unlock user accounts on the OU.
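
To confirm what the wizard actually wrote, the following PowerShell reads the OU's ACL and lists every explicit entry scoped to the lockoutTime attribute, flagging any that grant more than read/write on that property. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, and `$OuDn` is a placeholder DN.

```powershell
# Added example: audit the lockoutTime delegation on an OU or domain.
# Assumptions: ActiveDirectory module (RSAT) is available; $OuDn is a placeholder.
Import-Module ActiveDirectory

$OuDn = 'OU=Staff,DC=example,DC=com'   # placeholder, replace with your OU or domain DN

# Resolve schema GUIDs at runtime instead of hard-coding them.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $obj = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    [guid]$obj.schemaIDGUID
}
$lockoutTimeGuid = Get-SchemaGuid 'lockoutTime'
$userClassGuid   = Get-SchemaGuid 'user'

# Rights the wizard steps above are expected to grant, and nothing more.
$expected = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

# Explicit (non-inherited) ACEs on the container that target lockoutTime.
$aces = (Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
    -not $_.IsInherited -and $_.ObjectType -eq $lockoutTimeGuid
}

$aces | Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights,
    @{ n = 'AppliesToUserObjects'; e = { $_.InheritedObjectType -eq $userClassGuid } },
    @{ n = 'BroaderThanExpected';  e = {
        ([int]$_.ActiveDirectoryRights -band (-bnot $expected)) -ne 0 } } |
    Format-Table -AutoSize

if (-not $aces) {
    Write-Warning "No explicit lockoutTime ACEs found on $OuDn"
}
```

Review the IdentityReference column against the group you selected in step 4; any other principal, or a row with BroaderThanExpected set to True, is worth investigating.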