JSI Tip 3918. How do I use ADSIEDIT to grant Help Desk personnel the right to unlock locked user accounts?

We described granting this right in tip 3746 » How can I delegate the unlock account right?
and tip 3914 » How can I delegate the right to unlock locked user accounts, in a batch file?

To grant this right using Adsiedit.msc, a Support Tool on the CD-ROM:

01. Start / Run / Adsiedit.msc / OK.

02. Right-click the container or object that want to grant this right to and press Properties.

03. Select the Security tab and press Advanced.

04. Press Add and double-click the group you want to grant this right to.

05. Select the Properties tab.

06. In the Apply onto: drop-down list, select User objects.

07. Select the Allow box for Read lockoutTime and Write lockoutTime.

08. Select the Apply these permissions to objects and/or containers within this container only box.

09. Press OK, Apply, OK, and OK.

10. Exit ADSIEDIT.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.