The world's most trusted forum on Active Directory Security
I would like to know what Active Directory Control Access Rights are and what they are used to control? I am trying to troubleshoot an Active Directory access related issue, and have come across many control access rights granted in Active Directory access control lists.
For example, there is the Change Password right which seems to be granted to Everyone, and there is a Reset Password right which seems to be granted to IT Team, and then there is a Validated Write, and I am all confused.
Basically I am trying to determine why one of our admins is unable to reset a particular user's account. One of our AD admins told me to look at the ACL on the user's object and detemine whether or not that admin has sufficient permissions, and as I look at it, I am seeing many Special Permissions, and when I click on them, most seem to be some type of control access rights.
A simple explanation of Control Access Rights would be appreciated.