Question : Delegation in W2K3 AD not working as expected

In W2K3 ADUC, I ran the delegation wizard to give a new employee all rights to the Users OU. Double-checking the security tab shows this user has full control of this OU; however, when they launch ADUC tools from their desktop and go to the Account tab of a locked-out user in that OU, everything is greyed out and they cannot unlock that user.

Answer : Delegation in W2K3 AD not working as expected

If you do an LDAP query on those users, you may find that these accounts have an attribute AdminCount=1. This means that at some point or now, these problem users belonged to a "protected" group. Are you familiar with the LDAP query tool? Check your problem accounts. If they have AdminCount=1, the people you delegate control to will not be able to alter these accounts. This function prevents a non-admin person that has some abilities delegated from resetting the password on an admin account.

If you find that these accounts have AdminCount=1, I can point you to some websites that describe this problem and the resolution. If they have AdminCount=0, there is something else going on.
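
The check described in the answer, as an added example that is not part of the original post: it searches one OU for user accounts with adminCount=1 and lists each account's direct group memberships, so you can tell a current protected-group member from an account that only carries the flag from an earlier membership. The OU distinguished name is a placeholder and the function name is hypothetical.

```powershell
# Added example, not from the original answer.
# ASSUMPTION: placeholder DN; replace with the OU you delegated.
$ouDn = 'OU=Users,DC=example,DC=com'

function Get-AdminCountAccount {
    param([Parameter(Mandatory = $true)][string]$SearchBase)

    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchBase")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    # Only user accounts that carry the flag the answer refers to.
    $searcher.Filter      = '(&(objectCategory=person)(objectClass=user)(adminCount=1))'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    $searcher.PageSize    = 500   # page results so large OUs are not truncated
    foreach ($attr in 'sAMAccountName', 'distinguishedName', 'memberOf') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # memberOf holds direct memberships only: nested groups and the
            # primary group are not included.
            $groups = @($r.Properties['memberof'])
            New-Object PSObject -Property @{
                Account      = [string]$r.Properties['samaccountname'][0]
                DN           = [string]$r.Properties['distinguishedname'][0]
                GroupCount   = $groups.Count
                DirectGroups = ($groups -join '; ')
            }
        }
    }
    finally {
        # Release the unmanaged directory handles held by the search.
        $results.Dispose(); $searcher.Dispose(); $root.Dispose()
    }
}

Get-AdminCountAccount -SearchBase $ouDn |
    Sort-Object Account |
    Format-List Account, DN, GroupCount, DirectGroups
```

An account that appears here with no administrative group in DirectGroups is one whose flag was left behind by an earlier membership, or one that is a member through a nested group.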