Delegate Password Reset Permissions in Active Directory

Delegate Password Reset Permissions in Active Directory

Delegating Permissions to Reset User Account Passwords

Delegation can help administrators save ample time and help them concentrate on more tedious tasks at hand. This is no different when it comes to delegating password resetting capability. Administrators normally go about delegation by giving a group of users the ability to reset passwords. Here's how you'd go about delegating password reset permissions using Microsoft's native offering:
  1. Select users or user groups that are to be delegated.
  2. Open the ADUC, find your domain tree and browse to the topmost level that you wish to apply user permissions,  and select 'Delegate Control'.
  3. At the Welcome dialog, click Next.
  4. At the Users or Groups dialog, click the Add... button. You will be prompted to add a user or group to which you will apply delegated rights.
  5. At the Select Users, Computers, or Groups dialog, either type the name of the object (use domain\username or domain\groupname for best results) or click 'Advanced'> 'Find' to locate your resource you wish to apply permissions to.
  6. Once you've selected your resource(s), click 'OK' at the Select Users, Computers, or Groups dialog, then click 'Next' at the Users or Groups dialog.
  7. Delegate your tasks
  8. At the Tasks to Delegate dialog, you can select from a wide assortment of tasks to assign to your users. If you only want to delegate the reset password task, ensure that the 'Delegate the following common tasks' radio button is ticked and select 'Reset user passwords and force password change at logon' and click the 'Next' button.
  9. Complete the Delegation of Control Wizard.
Once you've finished delegating your tasks, you can click the 'Finish' button at the Completing the Delegation of Control Wizard dialog. Now the users you delegated these tasks to should be able to reset passwords (or perform other actions you specified) on the objects in the OU where you set up the delegated permissions.

    • Related Articles

    • Enable Self-service password reset in a Azure Active Directory

      Enable Users to Reset Passwords using Azure Active Directory Password reset tickets constitute a major chunk of the help desk ticket pile. Allowing users to reset their own passwords is a sure way of boosting productivity. Microsoft Azure Active ...

    • How to Delegate Disable Account Permissions to AD Users

      Delegate Disable Accounts Permission in Active Directory Delegation has been the sharpest tool in an IT administrator's bag. It has saved both time and money by bestowing rights to a group of people dedicated at taking care of particular ...

    • How to Delegate AD Rights to Users

      Delegating Administrative Privileges to Users in Active Directory AD delegation lets administrators grant users or groups certain permissions without having to add them to privileged groups like Domain Admins and Account Operators. You can delegate ...

    • Object permissions in Active Directory

      Permission in AD are privileges granted to users or groups to perform certain operations on objects. Permissions are usually granted by object owners or administrators. Users and groups are assigned permissions (to read, write, create child objects ...

    • Active Directory Password Policy Best Practices

      Active Directory Password Policies: NIST Recommended Best Practices End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. In Microsoft Active ...