Hello there!

Need Help? We are right here!

Thanks for your Enquiry.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Contents

Overview

Install moADManagement

Admin Registration

Admin Dashboard

Role Management

Create New Role

Manage User Roles

Self Service Manager

Add a New Password Policy

How to Edit or Delete a Password Policy?

Configure Profile Mapping in AD Tools

Add Profile Fields in the User Profile

Password Filter

Restrict Blacklisted Passwords

Notification Gateways

Email Notification Gateway

SMS Notification Gateway

Multi-Factor Authentication

Setup Multi-Factor Authentication

Configure Built-in MFA Methods

Manage Alerts

Password Expiry Notification

Object Management

User Management

Add & Update User Accounts

Send Reminders to Users

Unlock User Accounts

Group Management

Add Group to Active Directory

OU Management

Add OU to Active Directory

Update OU in Active Directory

Least Privilege AD User Permissions for miniOrange SSP

Least Privilege Permissions (SSP)

Account Lockout Delegation (SSP)

User Profile Update Delegation (SSP)

Password Reset Delegation (SSP)

Fine-Grained Password Policy Delegation (SSP)

A brief overview of the deployment, summary, and issues observed during the miniOrange AD Tools POC.

Steps to Delegate Control at Domain Level

Go to the Domain level in Active Directory Users and Computers (ADUC).
Right-click on the domain name and select Delegate Control.
Click Next.

steps to delegate control at domain level

Select the User or Group

Select the user or security group to whom you want to delegate access.
Click Next.

Select Users or Groups

Choose Custom Delegation Task

Select Create a custom task to delegate.
Click Next.

Choose tasks to delegate

Select the Objects to Delegate

Under Only the following objects in the folder, select:

msDS-PasswordSettings objects
msDS-PasswordSettingsContainer objects

These represent access to:

The FGPP container
Fine-Grained Password Policy object

Select objects to delegate

Assign Create/Delete Permissions (If Required)

To allow the user/group to create FGPP policies, check:

Create selected objects in this folder

To allow the user/group to delete FGPP policies, check:

Delete selected objects in this folder

Click Next.

assign create delete permissions

Configure Read or Write Access

On the Permissions page, select:

General
Property-specific

For Read-Only Access

Grant Read permissions to allow viewing policies such as policy name and settings.

For Write Access (Modify Policies)

Select the following options:

Write
Read all properties
Write all propertie

configure read and write access

Finish Delegation

Click Next.
Review the selections.
Click Finish to complete the delegation setup

Note:

These permissions provide read-only access to the Default Domain Password Policy. Read and write permissions apply only to Fine-Grained Password Policies (FGPP) and do not allow modification of the default policy.