Hi, I need to allow account operators to be able to unlock domain admins accounts. Is this possible? Thanks, James.

Hello, to control domain admins use domain admins and NOT lower permissioned accounts.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hello, to control domain admins use domain admins and NOT lower permissioned accounts.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Thanks. Interestingly, I've found a solution. I gave a user whose access is lower than domain admin "full control" access under user's properties and this did the trick.

Thanks. Interestingly, I've found a solution. I gave a user whose access is lower than domain admin "full control" access under user's properties and this did the trick. Note that modifying the ACL on a Domain Admin account isn't permanent - permissions over these accounts are controlled by the AdminSDHolder object in Active Directory. Your PDC Emulator will reset the ACL on these accounts with the ACL on the AdminSDHolder object on a regular basis. This is done to prevent tampering with privileged accounts in your AD forest. Here is some more information that is a pretty decent read: http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx Edit: Also, I strongly recommend not doing what you are trying to do.

Yes, I found that the permissions were removed a few mins after that. I will have to give this up as I don't think it's possible.

http://support.microsoft.com/kb/294952 this link shows you to steps of delegation user account or group.Darshana Jayathilake

Hello, see here about AdminSDHolder and why permissions are reset for specific security groups. http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspxBest regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hello, see here about AdminSDHolder and why permissions are reset for specific security groups. http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspxBest regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.