< Back
You are here:

Resetting an Active Directory user password is normally restricted to IT Admin staff. The Managed Directory User Account feature in NetSupport DNA allows a user of the DNA Console to reset Active Directory passwords and enable/disable user accounts. Passwords can also be reset using the NetSupport School Tutor or Tech Console.

By default, normal users in Active Directory or users of Active Directory who are not members of the ‘Administrators’ group or ‘Domain Admins’ group do not have the required level of access to reset user passwords. The Delegation of Control wizard can be used to enable access for the Active Directory security group or the individual users.

Step 1
On a domain machine, log in as a domain administrator with Remote Server Administration Tools installed:

Create a global security group and add the user accounts who will need to operate the NetSupport DNA Manage Users facility as members of the group.

Delegate the permissions to the security group:

  1. Click Start, click Run, type dsa.msc in the Open box, and then click OK.
  2. Right click the Organisational Unit containing the users who you wish to reset the passwords of and click Delegate Control.
  3. Click Next and then click Add.
  4. Enter your group name, click Add, and then click OK.
  5. Click Next, check Create a custom task to delegate and then click Next.
  6. Click Only the following objects in the folder, select the User objects check box, and then click Next.
  7. Select the General and the Propertyspecific options.
  8. Select the check boxes:
    • To enable change password.

    • To allow unlocking of accounts.

      • To enable force password change at next logon.

      • To allow enable\disable accounts (not required for non-console users, i.e. those using the Agent instigated password reset facility).

  1. Click Next, and then click Finish.

Step 2

  1. In the NetSupport DNA Console, select the Settings tab and click Operators.
  2. Click Roles.
  3. In the role ensure that the Can Manage AD User accounts (unlock, change/set passwords etc) permission is enabled.
  4. Associate this role to the security group that has been created in step 1.
  5. Click OK.
Was this article helpful?
5 out Of 5 Stars

2 ratings

5 Stars 100%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Need help?