Last post Feb 01, 2011 02:48 PM by shabirhakim1
Feb 01, 2011 11:40 AM|Gman0405|LINK
I am looking to retreive a list of all users in a domain who have the ability to reset other users' passwords. e.g. Service Desk users have been delegated permissions to reset
all passwords in the domain. Other users may have been delegated the rights on specific OUs etc.
Is there any easy way of querying AD to identify any user who has the ability to reset someone else's AD password?
all users from active directory
Active Directory Query Output
Feb 01, 2011 02:48 PM|shabirhakim1|LINK
We access AD on basis of ASI,because it is actually a programming interface we use,ADSI provides both authentication and authorization client access. If it is used to communicate with the Active Directory, a user can be authenticated using Kerberos or NTLM,
depending on the environment. ADSI also allows you to manipulate the Security Descriptor[like what you are asking for].
You can read this tutorial for this