I have the task in SCSM to "unlock an AD User Account." It works fine for me, but one of my analysts gets an error when he tries it. It says he has insufficient access rights to perform the operation. He can go into AD and unlock the account himself though, so I am not sure why he gets that.
Unlock AD User Account Task Error
June 27th, 2013 3:29pm
Have you tried letting his user run the PS-script directly?
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2013 12:55pm
you have two different error. first is not related to scsm: your user has no right to use ad cmdlets. the second one is error about action log. this is because the task is failed and there nothing to write in action log.
June 28th, 2013 9:53pm
I had him try. We tried two names, one that is the domain admin and one that is a normal user. He can unlock either one from th AD console directly. Here is what I get:
And here is his:
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2013 1:08pm
And again, this is NOT scsm-related problem but security-related problem.
The member of Domain Admin only (unless you not specify this rights directly) can unlock any account.
July 3rd, 2013 1:55pm
But if he can unlock the same users from AD, I don't understand why this is. Doesn't it use his credentials to run the task?
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2013 2:06pm