By OU delegation, are you referring to the delegation wizard, or just the ability to set permissions on specific OU's? Either would suffice to allow someone the ability to perform such actions, whether or not they were a member of the account operators group. Take a look at the advanced permissions of one of the user accounts they can modify, sort by name, and see if either their names or a group they are in shows up with permissions.
James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services -----Original Message----- From: Kurt Buff [mailto:[EMAIL PROTECTED] Posted At: Monday, May 05, 2008 10:49 AM Posted To: NTSysadmin Conversation: Domain Admin monkey business Subject: Re: Domain Admin monkey business Just did - they're not in there either. On Mon, May 5, 2008 at 10:37 AM, Barsodi.John <[EMAIL PROTECTED]> wrote: > Check the Account Operators group? > > > > -----Original Message----- > From: Kurt Buff [mailto:[EMAIL PROTECTED] > Sent: Monday, May 05, 2008 10:30 AM > To: NT System Admin Issues > Subject: Domain Admin monkey business > > I've been on vacation for a couple of weeks, and came back to a bit of > a situation. The helpdesk staff now seem to be able to control > accounts in the domain - they can set/reset passwords, disable/enable > accounts, update group memberships, etc. > > I've looked, and domain admins looks as expected. > > Am I correct in believing that the only other way this can happen is > through OU delegation? If so, how do I check to see what's changed WRT > delegation - how do I audit that? > > Kurt > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
