Symptom
The "Access Denied" errors are encountered when running scripts or attempting to create new users in the Web Portal. Although the account creation and required access were successfully set up following the article: Permissions required for Active Directory and Microsoft 365 accounts used by Cayosoft Administrator, there appears to be a discrepancy between the permissions applied in Active Directory and those enforced through the Web Portal. This inconsistency is causing the operations to be blocked in the portal, despite them working correctly in Active Directory.
Resolution
To fix these errors, you need to grant the Cayosoft service account used to connect to your extension granular permissions to reset passwords for other user accounts - enable the Unexpire password option for this account for the root domain folder via the Delegate Control wizard. For that:
- Run the Active Directory User and Computers tool.
- Right-click the domain and select Delegate Control.
- Click Next to advance past the first step of the wizard.
- Click Add and specify the AD Service Account name, then click OK.
- Click Next.
- Select Create a custom task to delegate.
- On the Active Directory Object Type step, select This folder, existing objects in this folder, and creation of new objects in this folder.
- On the Permissions step, select the Unexpire password permission.
- Review your configuration and click Finish.
Comments
0 comments
Please sign in to leave a comment.