LDAP – Linking two users in Active Directory

active-directory ldap

I have a set of users in Active Directory. They are technical users, i.e. not associated with a real person. I need to associate them with a password different from the one they already have. This password will give them only limited rights compared to their full rights.

I understand that an appropriate way to do this is to create new users with similar names (for example, if I have an account username, I will create restricted-username). This way I can give the restricted rights to restricted-username and use this user.

But doing this, I will end up with twice as many users to manage. Is there a way to link two users? For instance, if I delete username, then restricted-username is deleted as well? Or linking properties of the two users (some properties of restricted-username would point to the ones of username)?

Thanks in advance for your help!

Best Answer

You want a similar user with a different name and different privileges somehow linked to an original user. AD can't do this. A user account is a user account and privileges or group membership are granted to the user account/SID.