rights delegation

T

Tech-Jeff

Hi,

So recently one of our technicians changed the password of a service accounts not knowing that this SA is used in one of the backups which stopped due to authentication issue. So we decided to create a service account for technicians to use in doing the following:

1. Create an AD login

2. Joining a computer in a domain

So here are so far the steps I did:

1. right click on the domain and selected 'Delegate Control' > Add the user > select 'Create a custom task to delegate' > selected the 2nd radio button 'Only the following objects in this folder' and ticked on the checkbox below 'Create selected objects in this folder' under the long list selected the following:

account objects

user objects

computers onjects

Clicked apply and went to group policy management > Default Domain Controller policy > added to 'Allow to login locally'

So I tested the account, it was able to login to the domain controller but every time I open 'Active Directory Users and Computers' or Server Manager' it prompts for the domain admin credentials.

Any idea on this?

Thanks

TECH-JEFF

Continue reading...
 
You must log in or register to reply here.

Similar threads

L
can you define the process to delegate sufficient permissions to a domain service account, that will allow it to perform the tasks of software deploym
Replies
0
Views
24
Leo Manyatis
L
H
How to restrict domain users from removing computers from domain?
Replies
0
Views
17
Hana Wudu
H
N
netjoin event id 4097 error code 1355 using windows provisioning package.
Replies
0
Views
44
Nr2Stonehill
N
N
netjoin event id 4097 error code 1355 using windows provisioning package.
Replies
0
Views
42
Nr2Stonehill
N
I
What Are the Implications of Removing SYSTEM Account Permissions on Active Directory Users and Computers (ADUC) snap in ?
Replies
0
Views
49
IT Researcher007
I
Back
Top Bottom