So I have a tree I took over maintenance on, and I have been reorganizing as I go. I have granted access to our help desk folks to reset permissions and change the account lock out time ( necessary for them to unlock accounts ). I applied this setting at the parent OU for the users I want them administrating, but they have been unable to do so. Doing some digging, the permissions I applied at the parent OU are not automatically applying to the user objects which live within it and below it.
I can manually go in there and apply parent permissions to the objects and achieve the desired results, but there are thousands of accounts I'd have to touch. While I could vbscript it, I'm sure, I'm looking for a more elegant solution. Just like you can apply permissions to subordinate objects on a file system, I'd assume a similar option exists somewhere, and I'm just overlooking it.
I can manually go in there and apply parent permissions to the objects and achieve the desired results, but there are thousands of accounts I'd have to touch. While I could vbscript it, I'm sure, I'm looking for a more elegant solution. Just like you can apply permissions to subordinate objects on a file system, I'd assume a similar option exists somewhere, and I'm just overlooking it.