
I just created a CN named test, and in test I created a group named secunion and two users, user1 and user2. I added user1 to the group secunion, and I gave user2 reset password privileges to secunion's user.

According to Active Directory privilege inheritance, user1's security attributes will have an attribute that user2 has the privilege to change his password, but it does not, and users also cannot change user1's password.

Thanks to anyone who can help me.

marc_s
  • The environment is Server 2008 R2 – wang donot Jun 13 '18 at 02:54
  • If I understood you correctly, this is not how Active Directory works. The main idea is that you assign permissions to a group and these permissions are propagated to all users in that group. The correct way is to assign the group a reset password permission to user2. User1 will be able to reset user2's password, as he is a member of the group – oldovets Jun 13 '18 at 11:26
