Permissions

The service account used with the ADResetClient module needs the correct permissions in Active Directory (AD).

Overview

To reset a password, unlock an account, or set change password at next logon, the service account needs permission to do so. There are different ways to delegate this permission to an account in AD. Below is one way of doing this for the ADResetClient proxy account.

Delegate Reset Password and Change password at next login

  1. Open Active Directory Users and Computers from the Start > All Programs > Administrative Tools menu.

  2. Right-click the OU or the root that you would like to delegate from.

  3. Click Delegate Control to open the Delegation of Control Wizard.

  4. Click Next to proceed past the wizard’s welcome page.

  5. Click Add and find the user account you would like to delegate to.

  6. Click Next to proceed.

  7. Under Delegate the following common tasks, choose to delegate the privilege to Reset user passwords and force password change at next logon. This will delegate AD password change and reset privileges to the service account.

  8. Click Next to proceed.

  9. Review the changes and ensure the changes are correct.

  10. Click Finish to save your changes and close the wizard.

Delegate Unlock account

  1. Open Active Directory Users and Computers from the Start > All Programs > Administrative Tools menu.

  2. Right-click the OU or the root that you would like to delegate from.

  3. Click Delegate Control to open the Delegation of Control Wizard.

  4. Click Next to proceed past the wizard’s welcome page.

  5. Click Add and find the user account you would like to delegate to.

  6. Click Next to proceed.

  7. Choose Create a custom task to delegate and click Next.

  8. Choose Only the following objects in the folder from the Delegate control of option.

  9. Check the User objects option as the object to which to delegate.

  10. Click Next to proceed.

  11. Ensure Property-specific is checked.

  12. Scroll to the Read lockoutTime permission and check Read lockoutTime and Write lockoutTime.

  13. Click Next to proceed.

  14. Review the changes and ensure the changes are correct.

  15. Click Finish to save your changes and close the wizard.
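
To confirm that the two delegations above gave the service account only the intended rights, the ACEs on the OU can be audited. The script below is an added example, not part of the ADResetClient module or its documentation. The account name EXAMPLE\svc-adreset, the function names and the sample ACEs are constructed for illustration; the GUIDs are the standard AD schema identifiers.

```powershell
# Added example: flag ACEs for the service account that go beyond this page's delegation.
# Well-known GUIDs: Reset Password extended right, pwdLastSet and lockoutTime
# attributes, and the user object class.
$Expected = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet'
    '28630ebf-41d5-11d1-a9c1-0000f80367c1' = 'lockoutTime'
}
$UserClass = 'bf967aba-0de6-11d0-a285-00aa003049e2'
$Allowed   = 'ExtendedRight', 'ReadProperty', 'WriteProperty'

function Test-DelegationAce {
    param([Parameter(Mandatory)] [object[]] $Ace,
          [Parameter(Mandatory)] [string]   $Account)
    foreach ($a in $Ace) {
        # Only Allow ACEs granted directly to the account under review.
        if ("$($a.IdentityReference)" -ne $Account) { continue }
        if ("$($a.AccessControlType)" -ne 'Allow')  { continue }
        $rights = "$($a.ActiveDirectoryRights)" -split ',\s*'
        $target = $Expected["$($a.ObjectType)"]
        $extra  = @($rights | Where-Object { $_ -notin $Allowed })
        # OK = known target, no rights beyond the three allowed, scoped to user objects.
        $ok = $target -and $extra.Count -eq 0 -and
              "$($a.InheritedObjectType)" -eq $UserClass
        [pscustomobject]@{
            Rights  = $rights -join ','
            Target  = if ($target) { $target } else { "$($a.ObjectType)" }
            Finding = if ($ok) { 'OK' } else { 'REVIEW' }
        }
    }
}

# Constructed sample ACEs, not real output. On a domain-joined host with the
# ActiveDirectory module, pass (Get-Acl "AD:\<OU distinguished name>").Access instead.
$svc = 'EXAMPLE\svc-adreset'   # hypothetical service account name
function New-SampleAce($Rights, $ObjectType) {
    [pscustomobject]@{ IdentityReference = $svc; AccessControlType = 'Allow'
        ActiveDirectoryRights = $Rights; ObjectType = $ObjectType
        InheritedObjectType = $UserClass }
}
$sample = @(
    New-SampleAce 'ExtendedRight' '00299570-246d-11d0-a768-00aa006e0529'
    New-SampleAce 'ReadProperty, WriteProperty' 'bf967a0a-0de6-11d0-a285-00aa003049e2'
    New-SampleAce 'ReadProperty, WriteProperty' '28630ebf-41d5-11d1-a9c1-0000f80367c1'
    New-SampleAce 'GenericAll' '00000000-0000-0000-0000-000000000000'   # over-broad
)
Test-DelegationAce -Ace $sample -Account $svc | Format-Table -AutoSize
```

Any row marked REVIEW is an ACE that grants the account more than password reset, pwdLastSet or lockoutTime access on user objects.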
