Guest
We have a very small AD installation (2 servers). Servers were built as W2000
non-AD and then upgraded to AD. When accessing the Active Directory Users and
Computers (view advanced) the '(e-mail address removed)' account from the domain
controller, the following options are 'grayed out' under account information for
this one account and therefore cannot be changed:
‘password never expires (which is checked on)’, ‘store password using
reversible encryption’, ‘account is disabled’, ‘smart card is required for
interactive login’, ‘account is trusted for delegation’, ‘account is
sensitive and cannot be delegated’, ‘use DES encryption types for this
account’ and ‘do not require kerberos preauthentication’. The only account
properties that can be changed are ‘User must change password at next login’
and ‘User cannot change password’.
All other accounts (some are administrator equivalent) do NOT have these
account properties grayed out. If I create a new account with administrator
privileges, these account options are again NOT grayed out.
I’m assuming I’m inheriting these restrictions for the original
Administrator account from somewhere. I have reviewed the Domain Controller
Security, Domain Security Policy, local security policy and group security
policy and do not see why these options would be grayed out for this one
important account.
Any insight on how to make these account properties accessible for the
Administrator account would be greatly appreciated.