Re: user security tab

then that is most probably the "adminsdholder thing"

see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/05/16/981.aspx

you can use the following to determine who does not have permission
inheritance enabled:
ADFIND -b "<DN of OU to check>" -s subtree -f
"(&(|(objectCategory=group)(&(objectCategory=person)(objectClass=user)))(adminCount=1))"
-dn

ADFIND can be downloaded from www.joeware.net

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:er$6RkohGHA.3756@xxxxxxxxxxxxxxxxxxxxxxx
I don't know what the adminsdholder thing is..
some users are not getting security from the parent because the box isn't
checked for some reason, how do I see who doesn't have it checked

thanks

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:ee%23NE7nhGHA.3424@xxxxxxxxxxxxxxxxxxxxxxx
if you are asking because of the adminsdholder thing... you could also
query for objects (users and groups) that have admincount=1

e.g.
ADFIND -b "<DN of OU to check>" -s subtree -f
"(&(|(objectCategory=group)(&(objectCategory=person)(objectClass=user)))(adminCount=1))"
-dn

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:OWwSFwnhGHA.4712@xxxxxxxxxxxxxxxxxxxxxxx
Is there a way I can check all my user objects to see if inherent rights
from parent is set on the advanced tab of the security tab?

thanks
John







.

Relevant Pages

  • Re: user security tab
    ... * This posting is provided "AS IS" with no warranties and confers no ... some users are not getting security from the parent because the box isn't ... rights from parent is set on the advanced tab of the security tab? ...
    (microsoft.public.win2000.active_directory)
  • Re: user security tab
    ... * This posting is provided "AS IS" with no warranties and confers no ... rights from parent is set on the advanced tab of the security tab? ...
    (microsoft.public.win2000.active_directory)
  • RE: How to edit a Xml in a UserControl
    ... To "move" an XmlNode, you have to remove it from its parent using ... (This posting is provided "AS IS", with no warranties, and confers no ...
    (microsoft.public.dotnet.xml)
  • Re: Datagrid, data relations and joins revisited
    ... It seems that we cannot use Child in this way. ... serveral child rows from the parent table row. ... "This posting is provided "AS IS" with no warranties, and confers no ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Install Windows Patch via GPO
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.windows.group_policy)