S
Sadissa
Guest
Hello, all.
All our user accounts are under an OU named 'Accounts' (with Sub-OUs).
We recently delegated control to a security group on that OU with
permissions:
- Create, delete, and manage user accounts
- Reset User passwords and force password change at next logon
- Read all user information
The delegation globally works well, but sometimes we find that some user
accounts stop applying the inherited permissions. In that situation only the
default groups (domain admins, account operators, etc.) are able to modify
the user accounts, and we are oblige to reapply the settings to fix the
issue.
This situation creates a crisis between the department which have been
delegated control through the security group and us, the administrators. How
can we make sure all user accounts under the OU arborescence inherit all the
permissions at any time?
Thanks in advance for your help.
All our user accounts are under an OU named 'Accounts' (with Sub-OUs).
We recently delegated control to a security group on that OU with
permissions:
- Create, delete, and manage user accounts
- Reset User passwords and force password change at next logon
- Read all user information
The delegation globally works well, but sometimes we find that some user
accounts stop applying the inherited permissions. In that situation only the
default groups (domain admins, account operators, etc.) are able to modify
the user accounts, and we are oblige to reapply the settings to fix the
issue.
This situation creates a crisis between the department which have been
delegated control through the security group and us, the administrators. How
can we make sure all user accounts under the OU arborescence inherit all the
permissions at any time?
Thanks in advance for your help.