Permissions
A user with complete Administrator rights can perform all the actions described in the Administrators section. To grant only specific Admin rights (delegating permission), refer to the following sections:
Reset Permission
Select the "Delegate the following common tasks" option on the Delegation of Control Wizard dialog box of Active Directory, and then select "Reset user passwords and force password change at next logon".
Figure: Reset user passwords and force password change at next logon
Unlock Permissions
Select the "Create a custom task to delegate" option on the Delegation of Control Wizard dialog box of Active Directory.
Figure: Selecting tasks to delegate
Make selections as per the following screenshots:
Figure: Selecting Active Directory object types
Figure: Selecting permissions
The above selections are for the following purposes:
- pwdLastSet: To force the password change at next logon
- lockoutTime: To unlock user accounts
- Reset Password: To reset user account passwords
- userAccountControl: The "password never expires" option is represented by a bit flag in the userAccountControl attribute.
Note:
Based on SummitAI validation, delegation of permissions works only for normal user accounts. A user who is delegated the Reset permission cannot change the password of a super-user (an account with escalated or higher privileges).
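To confirm that the wizard granted only the rights listed above, the OU's access control list can be reviewed after delegation. The following PowerShell is an added example, not part of the SummitAI documentation; it assumes the RSAT ActiveDirectory module is installed, and the OU distinguished name and account name are placeholders to replace with your own.

```powershell
# Added example: audit the delegation made with the Delegation of Control Wizard.
# Assumptions: RSAT ActiveDirectory module; $OuDn and $Sam are placeholders.
Import-Module ActiveDirectory

$OuDn = 'OU=Staff,DC=example,DC=com'   # placeholder: OU where control was delegated
$Sam  = 'test.user'                    # placeholder: a normal user inside that OU

# GUIDs of the extended right and attributes selected in the wizard
$Delegated = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (extended right)'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet'
    '28630ebf-41d5-11d1-a9c1-0000f80367c1' = 'lockoutTime'
    'bf967a68-0de6-11d0-a285-00aa003049e2' = 'userAccountControl'
}

# 1. List every Allow ACE on the OU that grants one of the delegated rights.
#    Any trustee other than the intended delegate group deserves a closer look.
$acl = Get-Acl -Path "AD:\$OuDn"
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Delegated.ContainsKey($_.ObjectType.ToString())
    } |
    Select-Object IdentityReference,
                  @{ Name = 'Right'; Expression = { $Delegated[$_.ObjectType.ToString()] } },
                  ActiveDirectoryRights,
                  IsInherited |
    Sort-Object IdentityReference, Right |
    Format-Table -AutoSize

# 2. Show the attributes those rights control for one account.
$DONT_EXPIRE_PASSWD = 0x10000   # "password never expires" bit in userAccountControl
$u = Get-ADUser -Identity $Sam -Properties pwdLastSet, lockoutTime, userAccountControl

[pscustomobject]@{
    Account               = $u.SamAccountName
    # pwdLastSet = 0 means the user must change the password at next logon
    MustChangeAtNextLogon = ($u.pwdLastSet -eq 0)
    # A non-zero lockoutTime records a lockout; writing 0 unlocks the account
    LockoutRecorded       = ($u.lockoutTime -gt 0)
    PasswordNeverExpires  = [bool]($u.userAccountControl -band $DONT_EXPIRE_PASSWD)
}
```

Write access to userAccountControl covers every flag in that attribute, not only "password never expires", so the first listing is worth reviewing whenever the delegate group's membership changes.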