Delegate password reset permission in Windows Server 2016
Donate Us : paypal.me/MicrosoftLab
Delegate password reset permission in Windows Server 2016
1. Prepare
– DC1 : Domain Controller(Yi.vn) | WIN101 : Client
2. Step by step : Allow HiepIT reset password in HR OU
– DC1 : Configure allow HiepIT to remote to Domain Controller and reset password in HR OU
+ Enable remote desktop
+ Click ‘File Explorer’ – Right-Click ‘This PC’ – Properties – Remote settings – Choose ‘Allow remote connections to this computer’ – OK
+ Server Manager – Tools – Active Directory Users and Computers – Yi.vn – Builtin OU :
+ Double-click “Remote Desktop Users” – Members tab – Add… : HiepIT
+ Double-click “Server Operators” – Members tab – Add… : HiepIT (or add to one of groups : Account Operators, Backup Operators, Print Operators)
+ Server Manager – Tools – Group Policy Management – Yi.vn – Right-Click ‘Default domain Plicy’ – Edit… – Computer Configuration – Polices
– Windows Settings – Security Settings – Local Polices – User Rights Assignment – Allow log on through Remote Desktop Services :
+ Tick “Define these policy settings” + Click “Add User or Group…” – Browse… : Administrators;HiepIT – OK
+ Start – cmd, type : gpupdate /force
+ Active Directory Users and Computers – Right-click HR OU – Delegate Control… :
+ Users or Groups : Add… : HiepIT – Tasks to Delegate : Choose “Delegate the following common tasks”
– Tick ‘Reset user passwords and force password change at next logon’ – Finish
– WIN101 : Remote to DC1 use HiepIT, test reset password of NamHR
+ Start – Server Manager – Tools – Active Directory Users and Computers – Yi.vn :
+ IT OU – Right-Click NamIT – Reset Password… === fail ‘Access is denied.’
+ HR OU – Right-Click NamHR – Reset Password… === OK
——————————————–******************** Youtube.com/c/MicrosoftLab ********************————————————
windows server
