A typical day of an Active Directory administrator entails working within a tool, such as Active Directory Users and Computers ( ADUC ), Active Directory Sites and Services ( ADSS ), ADManager Plus, or ADAudit Plus. These tools mask the complexities that can be hidden behind most of the objects that you are working with.
Safely Delegating Password Reset Capability in Active Directory
I have been preaching for years about how powerful Active Directory is in the ability to delegate control over certain tasks and certain objects in Active Directory. One of the most obvious delegations is giving a one group of users the ability to reset passwords for a different group of users. There are a few issues using the Microsoft solution, and those issues can cause insecure settings, hard-to-report delegations, and access to AD that is hard to find and remove