Question: A particular backup solution requires one of the following rights: Either grant it full domain admin rights over the entire domain, or grant it read, write, and create objects in the entire domain. (which is pretty close to domain admin)
If I use Delegation or manually add the rights at the domain level everything works as expected. All objects receive the rights except those OU's/Objects which explicitly have inherit permissions denied. Is there an easy to over write the deny inheritance setting? Or is there a utility that I could use to do this with? I can go though ADUC and grant the rights manually, but I would rather have an automated solution for this problem. I would expect that this is a common request rather than just giving up full domain admin rights and I"m looking for a better, smarter way of dealing with it. Thanks Steve List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
