![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 69%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,080 questions
Hi Mart,
Running the delegation wizard multiple times will not affect the existing permissions that have been assigned, as it only adds more permissions each time it is run.
The delegation of the Create, Delete, and Manage user accounts, and Reset user passwords and force password change at the next logon will assign the following permissions, permissions have been assigned to the 'Perms' users.
As these permissions will give you full permissions to the user objects, you don't technically need to delegate additional rights to unlock the accounts.
When you fix the problem, are you removing the users from the groups or just removing the permissions and reapplying them? When you do this, does the user need to restart ADUC to enable the grey options?
If you want to check that the permissions are still being applied to the user you can either the check the value of the sDRightsEffective attribute and confirm that it's 15 or use https://nettools.net/effective-permissions/ to look at the effective permissions.
Gary.