Guest Drew Govnyak Posted May 21, 2008 Posted May 21, 2008 I have over 1000 users in Active Directory on a Windows 2003 in native AD mode. Some users were brought in to AD from NT 4.0 with Exchange 5.5 by the means of the AD connector. If I look at the security tab of the imported users, and click the Advanced button, the inheritance of the permissions from the parent is not checked, but any user that was copied or created from scratch in 2003 AD has the checkbox checked. Is there a utility I can run that would give me a report on who has the inheritance enabled and who does not. Ideally I would want to have the inheritance checkbox checked for all of the users in AD. Not sure if there is anything in Windows Server support tools? Thanks
Guest Jorge Silva Posted May 21, 2008 Posted May 21, 2008 Re: User Security Inheritance in Active Directory Hi Check membership for protected groups: http://support.microsoft.com/kb/817433 -- I hope that the information above helps you. Have a Nice day. Jorge Silva MCSE, MVP Directory Services
Guest Drew Govnyak Posted May 21, 2008 Posted May 21, 2008 Re: User Security Inheritance in Active Directory I ran ldifde -f Admincount-1.txt -d dc=mydomain.local -r "(&(objectcategory=person)(objectclass=user)(InheritanceFlag=1))" and ldifde -f Admincount-1.txt -d dc=mydomain.local -r "(&(objectcategory=person)(objectclass=user)(InheritanceFlag=0))" but got No Entries found The command has completed successfully Am i missing something? "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:usgmsu3uIHA.1240@TK2MSFTNGP02.phx.gbl... > Hi > Check membership for protected groups: > http://support.microsoft.com/kb/817433 > > -- > I hope that the information above helps you. > Have a Nice day. > > Jorge Silva > MCSE, MVP Directory Services
Guest Paul Adare Posted May 21, 2008 Posted May 21, 2008 Re: User Security Inheritance in Active Directory On Wed, 21 May 2008 16:14:02 -0400, Drew Govnyak wrote: > I ran > > ldifde -f Admincount-1.txt -d dc=mydomain.local -r > "(&(objectcategory=person)(objectclass=user)(InheritanceFlag=1))" > and > ldifde -f Admincount-1.txt -d dc=mydomain.local -r > "(&(objectcategory=person)(objectclass=user)(InheritanceFlag=0))" > > but got > > No Entries found > The command has completed successfully > > Am i missing something? The dc= entry should be dc=mydomain,dc=local -- Paul Adare http://www.identit.ca One person's error is another person's data.
Guest Jorge Silva Posted May 21, 2008 Posted May 21, 2008 Re: User Security Inheritance in Active Directory Agree with Paul. -- I hope that the information above helps you. Have a Nice day. Jorge Silva MCSE, MVP Directory Services
Guest Jorge de Almeida Pinto [MVP - DS] Posted May 22, 2008 Posted May 22, 2008 Re: User Security Inheritance in Active Directory see: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/16/86.aspx http://blogs.dirteam.com/blogs/jorge/archive/2006/05/16/981.aspx -- Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------ * How to ask a question --> http://support.microsoft.com/?id=555375 ------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------ "Drew Govnyak" <no-email-here@none.com> wrote in message news:%23nOAEp2uIHA.4772@TK2MSFTNGP03.phx.gbl... >I have over 1000 users in Active Directory on a Windows 2003 in native AD >mode. > > Some users were brought in to AD from NT 4.0 with Exchange 5.5 by the > means of the AD connector. If I look at the security tab of the imported > users, and click the Advanced button, the inheritance of the permissions > from the parent is not checked, but any user that was copied or created > from scratch in 2003 AD has the checkbox checked. Is there a utility I can > run that would give me a report on who has the inheritance enabled and who > does not. Ideally I would want to have the inheritance checkbox checked > for all of the users in AD. > > Not sure if there is anything in Windows Server support tools? > > > > Thanks > > > >
Recommended Posts