Re: User account security inheritance

From: Chris (chris_at_icorp.net)
Date: 06/09/04 

Date: Wed, 9 Jun 2004 15:30:27 -0400

Wayne,

That's it. I forgot about this.

Thanks,
Chris

"Wayne Tilton" <Wayne_Tilton@NoSpam.Yahoo.com> wrote in message
news:Xns95037B07524A0NWDCLMIT@207.46.248.16...
> "Chris" <chris@icorp.net> wrote in
> news:OvId0ElTEHA.3664@TK2MSFTNGP12.phx.gbl:
>
> > I'm developing an asp application that will allow users to update
> > their information in Active Directory. The application is working
> > perfectly for 90% of people. Those who can't update their information
> > receive the following message: "Active Directory error '80070005'
> > General access denied error. These users are in the same container as
> > those who are working (cn=users,dc=...) and access has been delegated
> > to "self" to update the attributes in question (address, employeeID,
> > etc)
> >
> > I've found that the accounts who receive this error are not inheriting
> > security settings that were delegated at cn=users. When I check the
> > box to enable from parent container, the permissions apply
> > immediately, but when I check at a later time, the box is unchecked
> > and their permissions are no longer inherited.
> >
> > How do I get these permissions to stick? Has anyone seen this before?
> >
> > Thanks,
> > Chris
> >
> >
>
> Users in one of the 'protected groups' (the list of which was updated
> with SP4 to W2k3 level) get 'fixed' by the AdminSDHolder role once per
> hour. Do a search on adminsdholder and you'll find all sorts of
> information, including this:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;817433
>
> Bottom line: working as designed
>
> Wayne
>
> --
> Standard Disclaimer: I said it, they didn't, so blame me, not them!
> Spam Avoidance: My reply address is invalid to confuse the spambots.
> You can reach me at 'Wayne_Tilton at yahoo dot com'

Relevant Pages

  • User account security inheritance
    ... I'm developing an asp application that will allow users to update their ... "Active Directory error '80070005' General access denied ... enable from parent container, the permissions apply immediately, but when I ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cant assign calendar permissions to a group
    ... to be able to use a security group so that I can manage membership of ... By testing I have verified that a resource calendar's permissions can ... integral concept within Active Directory. ... Only individual users can be granted membership. ...
    (microsoft.public.exchange.admin)
  • Re: Security User access question
    ... >> I am not even sure if Active Directory can provide this ... >it could be done with vbscript. ... >permissions, what permissions they have and, in the case ... >enumerate the group membership to find out the users. ...
    (microsoft.public.security)
  • Re: Security User access question
    ... > I am not even sure if Active Directory can provide this ... permissions, what permissions they have and, in the case of a group, ... enumerate the group membership to find out the users. ... The other option would be to combine vbscript with perms.exe (from the ...
    (microsoft.public.security)
  • Re: Enable Email to a Document Library in Sharepoint 3.0
    ... When email enabling a document library, you have to ensure that the application pool account has permissions in Active Directory to create an email enabled contact. ... You must configure SMTP on the Farm level before you can configure it on the Web Application and ultimately email enable a document library. ... In the Server Docs document library settings I've enabled incoming ...
    (microsoft.public.sharepoint.windowsservices)