I usually reset via gui - (Default button under advanced)
or I believe dsacls /s should do it as well
Thank you and have a splendid
day!
Kind Regards,
Freddy Hartono
Group Support
Engineer
InternationalSOS Pte Ltd
mail:
[EMAIL PROTECTED]
phone: (+65)
6330-9785
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Tuesday, April 25, 2006 3:36 AM
To: [email protected]
Subject: Re: [ActiveDir] Speaking of Adminsdholder...
Thats what I thought.
But I have a admin who is an Account Operator and in a group which has
Exchange Full Admin rights on the Org who gets an access denied error when
trying to delete an exchange mailbox
The user he is trying to delete used to be an Account Op but I took him out
of the group days ago and set perms to inherit on his account.
This admin can delete the mailbox of any Domain User account but not
this one.
This account is a member of 2 other groups which are just regular global
groups and are not nested into any of the protected groups.
In fact the groups are not nested in any groups.
What could be preventing him from deleting his mailbox?
This admin is not a member of any groups which have denies(explicit or
inherited) that i can see.
Thanks
On 4/24/06, [EMAIL PROTECTED]
< [EMAIL PROTECTED]>
wrote:
The behavior is not due to their being in a group given "Exchange Full Admin"
rights. The behavior is due to those accounts belonging to groups that are
protected by adminsdholder. The default protected groups (in 2K3, 2K-SP4, and
2K-with-KB327835 AD environments) are:
* Administrators
* Account Operators
* Server Operators
* Print Operators
* Backup Operators
* Domain Admins
* Schema Admins
* Enterprise Admins
* Cert Publishers
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.readymaids.com < http://www.readymaids.com> - we know IT
www.akomolafe.com <http://www.akomolafe.com>
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Mon 4/24/2006 10:15 AM
To: activedirectory
Subject: [ActiveDir] Speaking of Adminsdholder...
Does this affect users who have been delegated Exchange Full Admin access?
I have a admin who can only delete mail attributes of regular users but not
users who are in the group given Exchange Full Admin rights.
Is this the adminSDHolder?
The admin in question is an Account Operator.
The users he can't delete mail attribs from are just members of Domain Users
and the Exchange Full Admin group.
Thanks
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
