![]() ![]() ![]() Enable Advanced Settings, open the properties of the user account, and click the Advanced… button in the Security tab to see if inheritance is enabled or disabled. You can check if an individual service account has security inheritance disabled in AD Users and Computers. Identifying Accounts with Security Inheritance Disabled ![]() Those users will encounter errors when attempting to enroll or reset their passwords, and you may see additional errors in the event logs of your Password Reset or Gatekeeper server. This works great for normal user accounts however, for any accounts where security inheritance is disabled, our service account will not be able to interact with those user accounts. We do this so we can operate on user accounts in your Active Directory without requiring Domain Admin or other high privilege group membership that would introduce additional security risk. When you add an OU or OUs to your management scope, we delegate extremely granular permissions for our service account to the user accounts within that OU. Specops Password Reset, uReset, and Specops Authentication all use low privilege service accounts in Active Directory. ![]() Troubleshooting user account permissions – AdminSDHolder ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |