Re: Inheriting Permissions from Parent
- From: Harj <cisqokid@xxxxxxxxx>
- Date: 30 May 2007 09:57:16 -0700
On May 30, 12:01 pm, "Jorge Silva" <jorgesilva...@xxxxxxxxxxx> wrote:
Hi James
Although you say that only happens at specific OU, IMO isn't a good practice
to assign/delegate rights to users member of protected groups, here's why:
When you delegate permissions using the Delegation of Control wizard, these
permissions rely on the user object that inherits the permissions from the
parent container. Members of protected groups do not inherit permissions
from the parent container. Therefore, if you set permissions using the
Delegation of Control wizard, these permissions are not applied to members
of protected groups.http://support.microsoft.com/kb/232199
google for AdminSDHolder
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services"James" <J...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1DEF294C-733E-4080-9172-DC0676381447@xxxxxxxxxxxxxxxx
I've been running a W2K3 Native mode Single forest for about 2.5 years and
I
have about 20 OU's setup. Within one of my OU's I have many user accounts
that are not inherting permissions from its Parent.
We have delegated control to all of the OUs to our helpdesk to allow them
to
reset passwords on user accounts. To date this has worked fine but now my
helpdesk is complaining that they are unable to reset passwords on many of
the user accounts in one particular OU. They receive a message stating
Access is denied. When i check the box on the user account to inherit
permissions from its parent the helpdesk is able to reset the users
passwords
but after after awhile the check is removed from that user account and the
helpdesk is no longer able to reset the password nor is the user able to
reset his or her own password. Domain Admins have no problem resetting
these
accounts Account Operators and the Helpdesk group are not able to unless
the
inherit permissions from parent option is checked on that user account.
By
default when new accounts are created the option to inherit permissions
from
parent option is checked. This seems to only be a problem with existing
accounts and not new ones.
Any ideas?- Hide quoted text -
- Show quoted text -
Hi,
Take a look at the following article to see if this could be the cause
of your issue
AdminSDHolder Thread Affects Transitive Members of Distribution Groups
http://support.microsoft.com/kb/318180
Good luck
Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
.
- References:
- Re: Inheriting Permissions from Parent
- From: Jorge Silva
- Re: Inheriting Permissions from Parent
- Prev by Date: Re: ADAM Sync Configuration Problems
- Next by Date: Re: Keep ADAM proxies up-to-date through LDIFDE
- Previous by thread: Re: Inheriting Permissions from Parent
- Next by thread: LASS.EXE Security Account Manager initialization failed
- Index(es):
Relevant Pages
|
