What is the Account Operator?

Created on 2003-02-25 by Rainer Gerhards.

This group is only available on Windows 2000 servers acting Domain Controllers.

It allows its members to administer user and group accounts for systems and domains. By default, Account Operators have permission to create, modify, and delete accounts for users, groups, and computers in all containers and organizational units (OUs) of Active Directory except the Builtin container and the Domain Controllers OU. Account Operators do not have permission to modify the Administrators and Domain Admins groups, nor do they have permission to modify the accounts for members of those groups.

This information was verified with Windows 2000.



Would you like to discuss this object? Have a look at our Windows event forum or post a question there!

Analysis, monitoring, near-real-time alerting of the Windows event log can be done with by MonitorWare Agent.

All information in this section is to the best of our knowledge but without warrenty of any kind. This is free information - use it at your sole risk.

[Back to the Security Reference]


 

Back to Non-Printer Version