Re: User account attributes greyed out
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 02/19/05
- Next message: Joe Richards [MVP]: "Re: Unlock acct permissions"
- Previous message: Ryan Hanisco: "Re: ADMT SID History error"
- In reply to: Mark Knijnenburg: "Re: User account attributes greyed out"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 19 Feb 2005 12:36:50 -0500
Run the following command against an old account and a new account, let me know
if there is a delta in the output
adfind -default -f samaccountname=username allowedAttributesEffective
You can get adfind on my website, www.joeware.net
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net Mark Knijnenburg wrote: > ACLs correct - Domain Admins Full Control. ACLs are > identical between older accounts (pre-upgrade) and newly > created accounts. > > Mark > > >>-----Original Message----- >>Verify the actual ACLs on the objects. >> >> joe >> >>-- >>Joe Richards Microsoft MVP Windows Server Directory > > Services > >>www.joeware.net >> >> >>Mark Knijnenburg wrote: >> >>>A client of mine has upgraded their domain from NT4 to >>>2000. Accounts that were present in the domain before > > the > >>>upgrade can be administered by Domain Admin accounts > > that > >>>were also present before the upgrade, but newly > > created > >>>Domain Admin accounts cannot change these older > > accounts > >>>at all (all attributes greyed out). However, newly >>>created domain admin accounts can administer newly >>>created user accounts, all attributes can be modified. >>>Anyone seen this? >> >>. >>
- Next message: Joe Richards [MVP]: "Re: Unlock acct permissions"
- Previous message: Ryan Hanisco: "Re: ADMT SID History error"
- In reply to: Mark Knijnenburg: "Re: User account attributes greyed out"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
