| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 96937 | 2009-01-29 20:10:00 | Active Directory | jwil1 (65) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 743016 | 2009-01-29 20:10:00 | Hi all, At work I am delegating some students the right to reset other student's passwords if they forget them. I have got them using Active Directory, but I think it's a bit of a security risk having them able to see the entire AD structure. Is there some kind of alternative program/command line that would enable the elevated students to reset passwords without actually seeing the AD structure and all the objects in it? Or could I only give them permissions to the areas if AD they need to be in somehow? :thanks |
jwil1 (65) | ||
| 743017 | 2009-01-29 20:55:00 | Just limit their delegation to a specific OU which the other users are in? I wouldn't say it's a security risk until they actually do something within AD... you can control this with the delegation. Having said that... if you're worried about security.. then don't give them any delegated authority. cheers |
chiefnz (545) | ||
| 1 | |||||