RE: [ActiveDir] Restrict Administrative Privileges

[DL.ActiveDirectory]

Title: Restrict Administrative Privileges

Awesome. J   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Posted At: Monday, February 16, 2004 7:31 PM Posted To: ~AD Discussion~ Conversation: [ActiveDir] Restrict Administrative Privileges Subject: RE: [ActiveDir] Restrict Administrative Privileges   How was my technical solution?     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DL.ActiveDirectory Sent: Monday, February 16, 2004 12:39 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Restrict Administrative Privileges Less headache solution: Tell the user not to do that and can his ass if he does.   I await eagerly the reply of the technical solution.   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart, Cory G. Posted At: Monday, February 16, 2004 11:26 AM Posted To: ~AD Discussion~ Conversation: Restrict Administrative Privileges Subject: [ActiveDir] Restrict Administrative Privileges   Hi All,         Is there a way to deny password changing abilities to a Domain Administrator for only a limited set of accounts?  These accounts reside in their own OU, which because of the permissions set, that Domain Admin cannot even see it when in ADUC.  I thought that my problem was solved.  I just found out that this Domain Admin can still use DSMOD to change passwords of users within that OU.  Any help is appreciated! Thanks!! Cory ----------------------------------- Cory G. Stuart Network Administrator Nuclear Engineering Division Argonne National Laboratory -----------------------------------