KB1127 - How to give a domain user password changing privileges

SALPS servers require its service to use a domain account that has password change privileges in Active Directory. The SALPS console passes password changes and updates to its service, which updates Active Directory, as part of its normal functions, including automatic password changes.

To set a user up with this privilege, follow these steps:

On a Domain Controller (or if you are running RSAT, connect to a Domain Controller):

  1. Run Active Directory Users and Computers.
  2. Right-click on the OU the user is in and choose 'Delegate control...'. ('Users' OU is the default OU for user accounts)
  3. Click Next, then click Add and choose the username the SALPS service is running as to modify.
  4. On the 'Tasks to Delegate' dialog box, choose 'Reset user passwords and force password change at next logon'
  5. Click Next, and then click Finish

Open Services on the server where SALPS is installed, and change the logon to the username you just modified.

You can test if the username has correct permissions by changing a password on a user and saving the changes. Or you can set an automatic password change for every '1' day and save the changes. The next day, check that the user's password has changed.

No questions yet.