Re: user security tab

---

• From: "Jorge de Almeida Pinto [MVP]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
• Date: Mon, 5 Jun 2006 16:42:36 +0200

---

read the blog posts for information on the adminsdholder

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:uA0GcfKiGHA.4416@xxxxxxxxxxxxxxxxxxxxxxx

some of the users that show up using this already have the inheritance
enabled.. any idea why?

"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:e%23PTnQphGHA.4404@xxxxxxxxxxxxxxxxxxxxxxx

yep that seems to do the trick
thanks

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message
news:%23et0AvohGHA.3996@xxxxxxxxxxxxxxxxxxxxxxx

then that is most probably the "adminsdholder thing"

see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/05/16/981.aspx

you can use the following to determine who does not have permission
inheritance enabled:
ADFIND -b "<DN of OU to check>" -s subtree -f
"(&(|(objectCategory=group)(&(objectCategory=person)(objectClass=user)))(adminCount=1))"
-dn

ADFIND can be downloaded from www.joeware.net

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:er$6RkohGHA.3756@xxxxxxxxxxxxxxxxxxxxxxx

I don't know what the adminsdholder thing is..
some users are not getting security from the parent because the box
isn't checked for some reason, how do I see who doesn't have it checked

thanks

"Jorge de Almeida Pinto [MVP]"
<SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in
message news:ee%23NE7nhGHA.3424@xxxxxxxxxxxxxxxxxxxxxxx

if you are asking because of the adminsdholder thing... you could also
query for objects (users and groups) that have admincount=1

e.g.
ADFIND -b "<DN of OU to check>" -s subtree -f
"(&(|(objectCategory=group)(&(objectCategory=person)(objectClass=user)))(adminCount=1))"
-dn

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:OWwSFwnhGHA.4712@xxxxxxxxxxxxxxxxxxxxxxx

Is there a way I can check all my user objects to see if inherent
rights from parent is set on the advanced tab of the security tab?

thanks
John

.

---

• Follow-Ups:
  • Re: user security tab
    • From: John M

• References:
  • user security tab
    • From: John M
  • Re: user security tab
    • From: Jorge de Almeida Pinto [MVP]
  • Re: user security tab
    • From: John M
  • Re: user security tab
    • From: Jorge de Almeida Pinto [MVP]
  • Re: user security tab
    • From: John M
  • Re: user security tab
    • From: John M

• Prev by Date: Re: user security tab
• Next by Date: Re: ERROR_NO_SUCH_DOMAIN
• Previous by thread: Re: user security tab
• Next by thread: Re: user security tab
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: migration AD 2000 to 2003 ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Jorge de Almeida Pinto wrote: ... (microsoft.public.win2000.active_directory) Re: Odd Win2k3 Request ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... Jorge de Almeida Pinto wrote: ... (microsoft.public.windows.server.active_directory) Re: Core servers ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... INF and RID roles for the child domain be isolated ... (microsoft.public.windows.server.active_directory) Re: FMSO question ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... I plan on reinstalling DC1 as a domain controller, ... (microsoft.public.windows.server.active_directory) Re: Report in Active Directory ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... (microsoft.public.win2000.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)