JSI Tip 6009. How to I delegate the right to force a user to change password at next logon?

When you use the Delegation of Control Wizard to delegate the ability to reset passwords, the delegated user or group does NOT have permission to force a user to change their password at next logon.

To allow a user or group to set User must change password at next logon:

01. Open Active Directory Users and Computers.

02. Use the View menu to check Advanced Features.

03. Right-click the container that you have delegated control over and press Properties.

04. Select the Security tab.

05. Press the Advanced button.

06. Select the Permissions tab.

07. Press the Add button.

08. Select the user or group that has the password reset permission and press OK.

09. On the Permission Entry for Users dialog, Select the Properties tab.

10. select User objects in the Apply onto drop-down list.

11. Check the Allow column box for Write Account Restrictions.

12. Press OK, Apply, OK, and OK.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish