Search This Blog

Saturday, December 10, 2016

Delegate Unlock Account permissions in Active Directory

To delegate "Unlock account" permissions follow these steps:
1) Open Active Directory Users and Computers console
2) Select Properties for the target Organizational Unit where you want to delegate permissions;
3) Select Security tab and then click Advanced
4) Add user to which you want to delegate permissions and select to apply to "Descendant User objects":
5) Select permissions Read lockoutTime and Write lockoutTime:

And that's it!

No comments:

Post a Comment