Scribd
Upload
17 views

Active Directory Account Unable To Log in

Uploaded by

ravali ravipati
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
17 views

Active Directory Account Unable To Log in

Uploaded by

ravali ravipati
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Active Directory account unable to log in - error message is

access denied
DATE created: 26/08/2021

Author: [email protected]

Applies to:   Windows Server 2012 R2

Prerequisite

Active Directory account unable to log in:

1. Select Start, select Run, type dsa.msc, and then select OK.


2. In the task pane, expand the domain node.
3. Locate and right-click the OU that you want to modify, and then
select Delegate Control.
4. In the Delegation of Control Wizard, select Next.
5. Select Add to add a specific user or a specific group to the Selected users
and groups list, and then select Next.
6. In the Tasks to Delegate page, select Create a custom task to delegate,
and then select Next.
7. Select Only the following objects in the folder, and then from the list,
click to select the Computer objects check box. Then, select the check
boxes below the list, Create selected objects in this folder and Delete
selected objects in this folder.
8. Select Next.
9. In the Permissions list, click to select the following check boxes:
o Reset Password
o Read and write Account Restrictions
o Validated write to DNS host name
o Validated write to service principal name
10. Select Next, and then select Finish.
11. Close the "Active Directory Users and Computers" MMC snap-in.

To resolve the issue in which users can't reset passwords, follow these steps:

1. Select Start, select Run, type dsa.msc, and then select OK.


2. In the task pane, expand the domain node.
3. Locate and right-click Builtin, and then select Properties.
4. In the Builtin Properties dialog box, select the Security tab.
5. In the Group or user names list, select Account Operators.
6. Under Permissions for Account Operators, click to select the Allow check
box for the Read permission, and then select OK.

You might also like