Channel: Directory Services forum

Delegation - Why can't a delegated user interact with/affect a privileged user? (domain admin, etc.)

I wanted to ask this question since I had seen this behavior and could not find any Microsoft documentation.

The scenario is as below:

There is an application which is designed to allow users to change their own password by registering a website.

Its service account can be configured with a delegated domain user account as long as it is a local administrator on the server where the application is running, and all the required privileges are delegated. For instance, it must be delegated to write keyword, comment attributes, etc.

Once the application has been configured with the delegated user account, the site can be registered by all the users but Domain Admins. The service account can read and go through all the steps, but when it needs to write something to this privileged account (domain admin), it gets an "access denied" error.

I have seen this behavior before. What I would like to know is, does this happen due to Microsoft design? If so, how? When a delegated user is interacting with privileged users, would it be denied regardless?

Thanks in advance for replies.

