Share this question

Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.

This is a collaboratively edited question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.

Force security propagation on Active Directory objects

0 like 0 dislike
322 views
I took over a network where it appears that domain users were added to the domain admins group at some point in the past. This caused every account to block security inheritance in Active Directory. Is there an easy way to force inheritance on all user account objects again?
asked Oct 23, 2014 by Jason Berg  
are you sure its not an adminsdholder problem?
I'm pretty sure that's what the problem is (or was). Domain users were added to domain admins group which caused the adminsdholder thread to disable inheritance on every account. Now that the users are no longer part of the domain admin group, I need to re-eneable inheritance.
Oh wait...I see what's going on...even if I enable inheritance it's still going to disble it...grrrr..easy fix anyone?
so you've made sure they are not members of the other protected groups right?

1 Answer

0 like 0 dislike
 
Best answer

After you upgrade to Microsoft Windows Server 2003, you may experience the following symptoms:

  • Delegated permissions are not available to all users in an organizational unit.
  • Inheritance is automatically disabled on some user accounts approximately one time an hour
  • Users who previously had delegated permissions, no longer have them.

read carefully!

http://support.microsoft.com/kb/817433

answered Oct 23, 2014 by tony roth  
That worked so perfectly. Thank you.
...