Modify Active Directory Object Permission
hello,
i have issue on company's active directory. run 2003 @ time.
i have on 1700 group objects have various permissions need removed. of them oprhaned sids, write properties , modify permission properties. there 3000 accesses in total need removed. able retrieve permissions need remove using reporting tool.
does know of way script removal of these permissions? rather not have manually remove these...
thanks
now moderator has nicely locked post....
dsacls not work because cannot remove specific permissions, can allow or deny permissions, , not of them, @ that. nice try... looked that.
i have since found work around.. i'm going set acls inherit default permissions, add permissions want added back, beyond inherited permissions.
i have issue on company's active directory. run 2003 @ time.
i have on 1700 group objects have various permissions need removed. of them oprhaned sids, write properties , modify permission properties. there 3000 accesses in total need removed. able retrieve permissions need remove using reporting tool.
does know of way script removal of these permissions? rather not have manually remove these...
thanks
now moderator has nicely locked post....
dsacls not work because cannot remove specific permissions, can allow or deny permissions, , not of them, @ that. nice try... looked that.
i have since found work around.. i'm going set acls inherit default permissions, add permissions want added back, beyond inherited permissions.
you can use dsacls.exe utility found in support tools. available download here: http://www.microsoft.com/downloads/details.aspx?familyid=6ec50b78-8be1-4e81-b3be-4e7ac4f0912d&displaylang=en
a guide can found here: http://support.microsoft.com/kb/281146
if need more information on subject please post question in windows 2003 newsgroup, you'll find here: http://technet.microsoft.com/windowsserver/bb841405.aspx
Windows Server > Directory Services
Comments
Post a Comment