Reset Search
 

 

Article

Why Are "Reset Password" Permissions Needed for the Standard User in NAC LDAP Configurations

« Go Back

Information

 
TitleWhy Are "Reset Password" Permissions Needed for the Standard User in NAC LDAP Configurations
Question
Why is it necessary to give a Standard User "Reset password" permissions for use as the Administrator Username in NAC LDAP Configurations?
Environment
NAC 7.x and lower
Answer
Per the Microsoft KB Article "https://support.microsoft.com/en-us/kb/932455": Note A user or a group cannot join a computer to a domain if the specified user or specified group does not have the Reset Password permission set for the computer objects. Users can create new computer accounts for the domain without this permission. But if the computer account is present in Active Directory already, they will receive the "Access is denied" error message because the Reset Password permission is required to reset the computer object properties for the existing computer object.
 
Additional notes
As of 8.x version of software samba permission requirements have been changed. See the following article: 
Active Directory Permissions For NAC NTLM Authentication

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255