Thanks guys! With this I went back and corrected a few other accounts that I knew at one point has been DA.
Dave -----Original Message----- From: Michael B. Smith [mailto:[email protected]] Sent: Friday, January 06, 2012 7:51 PM To: NT System Admin Issues Subject: RE: Not even sure how to look this one up This is necessary, but not always sufficient. You may also have to set the adminSDHolder attribute to zero: objADObject.Put "adminSDHolder", 0 Just applying inheritable permissions fixes SOME things. Others require the reset value... Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Friday, January 06, 2012 7:36 PM To: NT System Admin Issues Subject: Re: Not even sure how to look this one up On Fri, Jan 6, 2012 at 14:21, David Lum <[email protected]> wrote: > As a matter of fact, yes they were. I think early on messing with > these guys is where I learned about AdminSDHolder. Looks like I get to > use ADSIEDIT right? I stole this from somewhere, and saved it in a file called ClearAdminSDHolderForOneUser.vbs. Worked just fine. Kurt ' ========= VBScript program =========== ' VBScript program to toggle "allow inheritable permissions from ' parent to propagate to this object" on the Security tab of the object. Option Explicit Const SE_DACL_PROTECTED = &H1000 Dim objADObject, objNtSecurityDescriptor, intNtSecurityDescriptorControl ' Distinguished Name of user object hard coded. Set objADObject = GetObject("LDAP://cn=Kurt Buff,ou=it,ou=users,ou=us,dc=mycompany,dc=com") ' Retreive security descriptor object for this object. Set objNtSecurityDescriptor = objADObject.Get("ntSecurityDescriptor") ' Retrieve control settings. intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control ' Toggle the bit for "allow inheritable permissions". intNtSecurityDescriptorControl = intNtSecurityDescriptorControl Xor SE_DACL_PROTECTED ' Save control settings in the security descriptor object. objNtSecurityDescriptor.Control = intNtSecurityDescriptorControl ' Save the security descriptor object. objADObject.Put "ntSecurityDescriptor", objNtSecurityDescriptor ' Update the user object. objADObject.SetInfo Wscript.Echo "Done" ' ========= VBScript program =========== ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
