I have a problem: some of our support staff migrated Domain Admin Sids from some NT4 domains to our main Active Directory User domain Domain Admins group: thus allow the Active Directory Domain Admins group to be able to access many of our NT4 domains without requesting access.
I have tried to delete the sidhistory using ADSI edit, but get access denied. I have full control of the object, so I believe that the DSA is telling me no.
Anyone have a good method to remove sidhistory attibutes ?
Thank You ! And have a nice day !
- [ActiveDir] Removing SidHistory from a group object- h... Mark . H . Lunsford
- RE: [ActiveDir] Removing SidHistory from a group ... Steve Linehan
