Seems that's not so easy as to find an easy vbscript for it. Found some c++ for it but that doesn't sound like what you want :) How many OU's do you have?
Also, what POS backup system are you deploying? I'd like stay as far away from that company as I possibly can. And since you have the rights to remove these settings, you probably also know the reason they were set in the first place. Seems strange that you can so easily remove those rights though. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Sent: Tuesday, August 03, 2004 6:07 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Changing permissions in AD Question: A particular backup solution requires one of the following rights: Either grant it full domain admin rights over the entire domain, or grant it read, write, and create objects in the entire domain. (which is pretty close to domain admin) If I use Delegation or manually add the rights at the domain level everything works as expected. All objects receive the rights except those OU's/Objects which explicitly have inherit permissions denied. Is there an easy to over write the deny inheritance setting? Or is there a utility that I could use to do this with? I can go though ADUC and grant the rights manually, but I would rather have an automated solution for this problem. I would expect that this is a common request rather than just giving up full domain admin rights and I"m looking for a better, smarter way of dealing with it. Thanks Steve List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
