
let teachers reset passwords of students in Active Directory


I am at a school that runs Active Directory (Windows Server 2012 actually) and our teachers want to be able to reset students' passwords. They won't use the ticket system in case a student forgets their password but will be angry at the IT administration (duh!)

So I just want to give them the option to reset students' passwords (only students' passwords!). How do I do this?

Katherine Villyard
I know this isn't technically what you're asking (and I'm not your downvoter, but imagine they agree with me) but this strikes me as more of a culture issue than a technical issue. What you're asking is certainly doable, but teachers should (IMHO) just use the ticket system. (Sorry! You probably think they should use the ticket system, too!)
tux
Yes I do, but I also don't want them to be angry at me. It's really annoying. Teachers would rather let students use their own (the teacher's) account than write a ticket, although I told them they should not. Teachers have access to shared folders that students should not be able to access. How do other schools solve this? You're right, it's a culture issue.
Katherine Villyard
Sadly, someone higher up than you AND the teachers would need to back you up on this.

You need to follow the steps below to delegate access to reset students' passwords.

Open Active Directory Users and Computers.

Right-click on the user or group you want to delegate, and click Delegate Control.

Click Next on the Welcome Wizard.

Click Add… and enter the user name or group name that will be granted reset permission. (E.g. ExampleDomain\Helpdesk)

Click OK once you’ve made your selection, followed by Next.

Ensure that Delegate the following common tasks is enabled, and select Reset user passwords and force password change at next logon.

Click Next, and Finish.

Right-click on the newly modified user or group, and select Properties.

Select the Security tab, and click Advanced. Click Add.

Click Select a principal and enter the user name or group name that has been granted reset permission.

Click OK.

In the Applies to field, select Descendant User object.

Scroll down and enable Read lockoutTime and Write lockoutTime.

Click OK three times.

tux
I found these steps searching Google, but as far as I understand this would let teachers be able to reset everyone's passwords. Plus the domain structure is very complicated (it is more than 20 years old and is the result of many admins trying their very best), so it's not that easy to work with OUs/groups.
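The scope of a delegation like the one in the answer is set by the container it is applied to: granted on an OU, the right is inherited only by the user objects beneath it. The following is an added example, not part of the original posts, that applies the same permissions from PowerShell and then checks the result. It assumes the student accounts sit in a dedicated OU; the OU path and the group name are placeholders.

```powershell
# Added example. Assumed names (not from the original post):
#   OU=Students,DC=example,DC=com  - an OU holding only student accounts
#   EXAMPLE\Teachers               - security group containing the teachers
Import-Module ActiveDirectory

$StudentsOU   = 'OU=Students,DC=example,DC=com'   # assumption
$TeacherGroup = 'EXAMPLE\Teachers'                # assumption

# Grant on descendant user objects only (/I:S), never on the domain root:
#   CA;Reset Password  - extended right to set a new password
#   WP;pwdLastSet      - needed for "must change password at next logon"
#   RPWP;lockoutTime   - read/write lockoutTime so a locked account can be unlocked
$grants = 'CA;Reset Password;user', 'WP;pwdLastSet;user', 'RPWP;lockoutTime;user'
foreach ($g in $grants) {
    dsacls $StudentsOU /I:S /G "${TeacherGroup}:$g" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for '$g'" }
}

# Verify: show every ACE on the OU that carries the Reset Password right,
# so an unexpected trustee or an inherited grant from higher up is visible.
$ResetPwdGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # User-Force-Change-Password
(Get-Acl -Path "AD:\$StudentsOU").Access |
    Where-Object { $_.ObjectType -eq $ResetPwdGuid } |
    Select-Object IdentityReference, AccessControlType, IsInherited, InheritanceType

# Scope check: a teacher account located under the students OU could be
# reset by any other teacher, so this query should return nothing.
$groupName = $TeacherGroup.Split('\')[1]
Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object { $_.DistinguishedName -like "*,$StudentsOU" } |
    Select-Object SamAccountName, DistinguishedName
```

If student accounts are spread over several OUs, the grant loop has to be repeated for each of them, and the verification output should be reviewed for every OU it was applied to.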
