Staff resetting passwords

**MarkBerridge** · 16th March 2012, 09:35 AM

I am looking at a way to give staff access to reset pupil passwords but not to give them any admin access. We use a 2008 r2 windows domain. Can anyone recomend a good way of implementing that?

TheLibrarian · 16th March 2012, 09:40 AM

Create a custom MMC and use the delegate control wizard on the appropriate OU containing the pupil accounts.

**MarkBerridge** · 16th March 2012, 09:41 AM

How would the staff then see how to reset the passwords? Remote Server Administration Tools?

TheLibrarian · 16th March 2012, 09:42 AM

That would be the custom MMC part.

You can focus the MMC on a particular part of AD, and as long as you have delegated control they can use that to reset passwords.

TheLibrarian · 16th March 2012, 09:49 AM

Code:

 @echo offsetlocal


:start
cls
echo,
echo,
set /p _username_=Please enter the username :


if "%_username_%" == "q" goto end


for /f "tokens=1* delims=*" %%i in ('dsquery user -limit 1 -samid "%_username_%"') do (
echo %%i
set _upn_=%%i
if NOT "%%i" == "" goto chpwd
)


goto start




:chpwd
dsmod user %_upn_% -pwdneverexpires no
dsmod user %_upn_% -pwd 123456 -mustchpwd yes


:end

I'm lazy and use this script to reset passwords.

**MarkBerridge** · 16th March 2012, 09:57 AM

So when delegating control, can you minimise what the user sees in AD? I dont really want them to see everything

**icttech** · 16th March 2012, 09:59 AM

We use Password Control, its a free application, easy to install.

we had if installed on our server (2008r2) and have a link to it on our staff profiles.

Works a treat. PM me if you want some more info.

TheLibrarian · 16th March 2012, 10:00 AM

They would see everything that they have permission to, but they would not be able to change anything.

I don't think it really matters what the teachers see, only what they can change. (Just my £0.02)

TheLibrarian · 16th March 2012, 10:01 AM

Originally Posted by icttech

We use Password Control, its a free application, easy to install.

Post a link?

**MarkBerridge** · 16th March 2012, 10:05 AM

Originally Posted by TheLibrarian

They would see everything that they have permission to, but they would not be able to change anything.

I don't think it really matters what the teachers see, only what they can change. (Just my £0.02)

You've been very helpful, thankyou

**MarkBerridge** · 16th March 2012, 10:08 AM

A link would be very helpful on here please

**dave.81** · 16th March 2012, 10:17 AM

A quick google took me to this... going to try it out later.

Password Control

TheLibrarian · 16th March 2012, 10:17 AM

Originally Posted by MarkBerridge

You've been very helpful, thankyou

You are welcome.

**sonofsanta** · 16th March 2012, 10:24 AM

Custom MMC - in a normal AD MMC, right click on the OU you want them to see and choose New Window. Save that as a new MMC and put it somewhere they can all get to. Delegate the relevant permissions to staff on that OU. Easy peasy!

**MarkBerridge** · 16th March 2012, 10:25 AM

Originally Posted by sonofsanta

Custom MMC - in a normal AD MMC, right click on the OU you want them to see and choose New Window. Save that as a new MMC and put it somewhere they can all get to. Delegate the relevant permissions to staff on that OU. Easy peasy!

Brilliant thanks

LinkBack

Thread Tools

Search Thread

Staff resetting passwords

Similar Threads

apc powerchute buisness ed reset password

Reset Password Ubuntu Server

Did I dream this thread:- Resetting password from command line

Resetting Password on HP Storageworks FiberChannel switch

Script needed to reset passwords for all users in OU

Thread Information

Users Browsing this Thread

Posting Permissions