Delegate Rights for published certificates tab in ADUC
Hello,
I am currently looking for a way to allow our help desk employees to be able to remove expired published certificates from user accounts in AD. Currently in exchange 2007 we get warnings due to these. Though they are allowed to revoke via Certification
Authority snap ins, it seems via the ADUC user properties page/published certificates tab they are not, and as a result the expired certs stay in there. I wonder if there is a better way to streamline it, but for now just to be able to manually do this would
be a big help.
Would this be done via the Delegate Control Wizard via the users OU?
Thanks in advance!
November 4th, 2010 11:09am
Hi,
Please check if granting the Read userCertificate and
Write userCertificate permission scan meet the requirement.
Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can
be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
November 5th, 2010 4:58am
That did it Joson
Thanks!
November 5th, 2010 9:57am
Hi,
Glad that it helps.
Have a nice day.
Joson Zhou
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.comThis posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can
be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
November 8th, 2010 10:32pm