Thanks for the info.

It looks like the users were once part of a protected group. I reset the inheritance flag and it holds on the users after that process that runs every hour.

Hi Ben,

Putting aside AdminSDHolder for a moment... maybe you were looking for the /P:N option instead? Of course this may increase the number of ACEs on the object more than what you'd like, but I saw the /I:T thing and thought that's more applicable to the parent object, rather than the leaf object. Hopefully I understood correctly...

-DaveC

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan

Just out of curiosity, when you go back an hour later is the box unchecked? This really sounds like the work of AdminSDHolder and the users in question are likely members of protected groups. If you have not looked at the following Knowledge Base article you may want to see if this is what you are running into: http://support.microsoft.com/default.aspx?scid=kb;en-us;817433.

Thanks,
-Steve

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

Some users do not have allow "inheritable permissions" set. The only way I have found to reset that setting is to open each user and check that option off. I have tried running dsacls OU=ou,DC=dc,DC=dc /I:T and it seems to go through OK but does not reset that option. Should that work? Or does anyone know any other way to set that option on multiple users?

Thanks,
Ben
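
An added example, not part of the thread: a PowerShell sketch that lists users under an OU whose ACL has inheritance disabled, marks which of them are still members of a group stamped `adminCount=1` (where the hourly AdminSDHolder pass would undo the change), and re-enables inheritance only on the rest. It assumes the ActiveDirectory module (RSAT) is available; `$SearchBase` reuses the placeholder DN from the thread, and the variable names are made up for this example.

```powershell
# Added example, not code from the thread. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder DN taken from the thread; replace with the real OU.
$SearchBase = 'OU=ou,DC=dc,DC=dc'

# Collect every current (nested) member of a group that carries adminCount=1.
# AdminSDHolder protection stamps adminCount=1 on protected groups and their members.
# A stale adminCount on a group only makes this check more conservative.
$stillProtected = @{}
Get-ADGroup -LDAPFilter '(adminCount=1)' | ForEach-Object {
    Get-ADGroupMember -Identity $_ -Recursive | ForEach-Object {
        $stillProtected[$_.DistinguishedName] = $true
    }
}

# Users whose DACL is protected, i.e. the "allow inheritable permissions" box is cleared.
$report = Get-ADUser -SearchBase $SearchBase -Filter * -Properties adminCount, nTSecurityDescriptor |
    Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
    ForEach-Object {
        [pscustomobject]@{
            DistinguishedName = $_.DistinguishedName
            AdminCount        = $_.adminCount
            StillProtected    = $stillProtected.ContainsKey($_.DistinguishedName)
        }
    }

$report | Format-Table -AutoSize

# Fix only former members: on current members the next AdminSDHolder run reverts it.
foreach ($user in ($report | Where-Object { -not $_.StillProtected })) {
    $path = "AD:\$($user.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    # isProtected = $false turns inheritance back on; the second argument
    # (preserveInheritance) is ignored when isProtected is $false.
    $acl.SetAccessRuleProtection($false, $true)

    # -WhatIf makes this a dry run; remove it after reviewing $report.
    Set-Acl -Path $path -AclObject $acl -WhatIf

    # Clear the leftover adminCount stamp so the account no longer looks protected.
    Set-ADUser -Identity $user.DistinguishedName -Clear adminCount -WhatIf
}
```

Accounts reported with `StillProtected` set to true are left untouched; for those, the fix is to remove the group membership first, not to flip the checkbox.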
