Greetings -- Using adfind to identify users who have the AdminCount attribute set to 1.
Looking at the output there are users who are expected to have that set seeing that they are Domain Admins BUT i also see a handful of users who are not members of a protected group.
Using admod to set AdminCount=0 for those users temporarily sets it until the PDC mechanism runs which compares the ACLs and resets it.
If the user isn't in a protected group then what is causing this behavior? And i guess once i know that i can set AdminCount=0 for them, permanently?
tia, john List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
