hello
why do I need to " Removing Extended Rights" ? only IT folks should have the ADTools and /or ADSIEdit to see the password.
can normal users get the passwords?
I was just going to give Set-AdmPwdReadPasswordPermission andSet-AdmPwdResetPasswordPermission to my helpdesk group.