Unable to delegate "Reset user passwords and force password change at next logon"

  #1  
Old 03-05-2010
Member
 
Join Date: Feb 2006
Posts: 331
Unable to delegate "Reset user passwords and force password change at next logon"

I am using a Windows Server 2008 R2 based Active Directory domain. I have made a People OU that has 4 user accounts and a security group HELPDESK, and some of these accounts are also members of it. The problem is that the delegation doesn't work when I test it by logging on with a user account in the helpdesk group and then attempt to reset the password of one of the user accounts in the People OU. What can I do to fix this issue?

  #2  
Old 03-05-2010
Member
 
Join Date: Feb 2006
Posts: 99
Re: Unable to delegate "Reset user passwords and force password change at next logon"

You have to make sure that they are not members of the Account Operators group, where the AdminSDHolder will reset the permissions hourly. Then you can use the Delegation of Control Wizard to delegate the Reset Password permission to the delegated user. In order to change the "User must change password on next logon" flag, the delegated user must have write permission to the user containers. For more information visit this link - http://support.microsoft.com/kb/296999
  #3  
Old 03-05-2010
Member
 
Join Date: May 2006
Posts: 2,796
Re: Unable to delegate "Reset user passwords and force password change at next logon"

If you are facing a problem where the users cannot join a computer to a domain, then follow the method below:
  1. Click Start, click Run, type dsa.msc, and then click OK.
  2. In the task pane, expand the domain node.
  3. Locate and right-click the OU that you want to modify, and then click Delegate Control.
  4. In the Delegation of Control Wizard, click Next.
  5. Click Add to add a specific user or a specific group to the Selected users and groups list, and then click Next.
  6. In the Tasks to Delegate page, click Create a custom task to delegate, and then click Next.
  7. Click Only the following objects in the folder, and then from the list, click to select the Computer objects check box. Then, select the check boxes below the list, Create selected objects in this folder and Delete selected objects in this folder.
  8. Click Next.
  9. In the Permissions list, click to select the following check boxes:
    • Reset Password
    • Read and write Account Restrictions
    • Validated write to DNS host name
    • Validated write to service principal name
    • Click Next, and then click Finish.
  10. Close the "Active Directory Users and Computers" MMC snap-in.
More information on this page - http://support.microsoft.com/kb/932455
  #4  
Old 29-05-2011
Member
 
Join Date: May 2011
Posts: 1
Re: Unable to delegate "Reset user passwords and force password change at next logon"

In my case this error occurred after I first delegated the 'reset password' right to the 'help desk' group, then reset the permissions to schema default using the wrong switch /resetDefaultDACL for the dsacls.exe command as suggested at page 76. After resetting the security permissions to schema default using 'dsacls "OU=..." /s /t' the problem disappeared.
Reply With Quote
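The checks and the delegation discussed in this thread, as an added PowerShell example that is not taken from any of the posts above. It assumes the ActiveDirectory module is available and uses hypothetical names (domain example.com, OU=People, group EXAMPLE\HELPDESK). The "User must change password at next logon" checkbox is stored in the pwdLastSet attribute, so the second grant gives read/write on that attribute only.

```powershell
# Added example. Hypothetical names: replace with your own domain, OU and group.
Import-Module ActiveDirectory
$ou    = 'OU=People,DC=example,DC=com'
$group = 'EXAMPLE\HELPDESK'

# 1. Find target accounts that an OU-level delegation cannot reach.
#    adminCount=1 marks accounts that are (or once were) in a protected group;
#    AdminSDHolder stamps their ACL and turns off inheritance.
Get-ADUser -SearchBase $ou -LDAPFilter '(adminCount=1)' |
    Select-Object SamAccountName, DistinguishedName

# 2. Report every user in the OU whose ACL does not inherit from the OU,
#    whatever the reason. Delegated ACEs on the OU are ignored for these.
Get-ADUser -SearchBase $ou -Filter * | ForEach-Object {
    $acl = Get-Acl -Path ("AD:\" + $_.DistinguishedName)
    if ($acl.AreAccessRulesProtected) {
        "{0}: inheritance disabled" -f $_.SamAccountName
    }
}

# 3. List who is in Account Operators, including nested members, so that
#    neither helpdesk staff nor the users they manage are in it by accident.
Get-ADGroupMember -Identity 'Account Operators' -Recursive |
    Select-Object SamAccountName, objectClass

# 4. Delegate only what the task needs, scoped to user objects below the OU:
#    /I:S  = apply to sub-objects only, not the OU object itself
#    CA    = control access (extended right) "Reset Password"
#    RPWP  = read/write property pwdLastSet
dsacls $ou /I:S /G "${group}:CA;Reset Password;user"
dsacls $ou /I:S /G "${group}:RPWP;pwdLastSet;user"

# 5. Verify: show the ACL lines on the OU that mention the group.
dsacls $ou | Select-String -SimpleMatch 'HELPDESK'
```

Run steps 1 to 3 before changing anything: if a target account shows up there, fixing the OU delegation alone will not make the reset work for that account.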