inheritance is broken - sdprop adminsdholder, builtin container an

Guest

Problem:

I'm trying to solve a little mystery. I have 2300 user objects in Domain
Users. The Domain Users group is nested in Builtin\Print Operators.
According to MS 318180, all users which are traceable to the following groups:
• Enterprise Admins
• Schema Admins
• Domain Admins
• Administrators
• Domain Controllers
• Cert Publishers
• Backup Operators
• Replicator
• Server Operators
• Account Operators
• Print Operators

should have adminCount = 1 as well as inheritance on the user object
broken. So the filter
(&(objectcategory=person)(objectclass=user)(admincount=1)) should give me a
result of 2300 users. But that is not the case. I get approximately 300
user objects.
I have reset inheritance on all the user objects which match the filter
(&(objectcategory=person)(objectclass=user)(admincount=1)) according to MS
817433, but when sdprop runs next it removes inheritance from these 300
objects and leaves the other 2000 alone.

So I am wondering whether sdprop is working correctly. If so, how can I
debug the process?

All help would be much appreciated.

Little history:
I have a domain which consists of a mix of Windows 2000 Server and Windows
Server 2003 domain controllers. The current domain functional level is
Windows 2000 native mode; the current forest functional level is Windows
2000.

The FSMO roles are on a Windows Server 2003 domain controller with SP1.
There is one domain in the forest and there are no trusts in place.


Notice that the Enterprise Admins group is in the Builtin container and not
in CN=Users,DC=corp,DC=local. It is not possible to move it without changing
permissions on the group?!

CORP\Builtin container:
dn:CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=corp,DC=local
dn:CN=Print Operators,CN=Builtin,DC=corp,DC=local
dn:CN=Server Operators,CN=Builtin,DC=corp,DC=local
dn:CN=Backup Operators,CN=Builtin,DC=corp,DC=local
dn:CN=Replicator,CN=Builtin,DC=corp,DC=local
dn:CN=Account Operators,CN=Builtin,DC=corp,DC=local
dn:CN=Guests,CN=Builtin,DC=corp,DC=local
dn:CN=Administrators,CN=Builtin,DC=corp,DC=local
dn:CN=Enterprise Admins,CN=Builtin,DC=corp,DC=local
dn:CN=Remote Desktop Users,CN=Builtin,DC=corp,DC=local
dn:CN=Network Configuration Operators,CN=Builtin,DC=corp,DC=local
dn:CN=Incoming Forest Trust Builders,CN=Builtin,DC=corp,DC=local
dn:CN=Performance Monitor Users,CN=Builtin,DC=corp,DC=local
dn:CN=Performance Log Users,CN=Builtin,DC=corp,DC=local
dn:CN=Windows Authorization Access Group,CN=Builtin,DC=corp,DC=local
dn:CN=Terminal Server License Servers,CN=Builtin,DC=corp,DC=local
dn:CN=Distributed COM Users,CN=Builtin,DC=corp,DC=local
dn:CN=Users,CN=Builtin,DC=corp,DC=local

Permissions on AdminSDHolder are as follows (dsacls
cn=adminsdholder,cn=system,dc=corp,dc=local):

These permissions are a little off compared with a recently set up domain
(Windows 2003).

Access list:
{This object is protected from inheriting permissions from the parent}
Effective Permissions on this object are:
Allow BUILTIN\Administrators
SPECIAL ACCESS
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
Allow NT AUTHORITY\Authenticated Users
SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow CORP\Domain Admins
SPECIAL ACCESS
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow CORP\Enterprise Admins
SPECIAL ACCESS
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS
LIST CONTENTS
Allow NT AUTHORITY\SYSTEM
FULL CONTROL
Allow CORP\UnityDirSvc
SPECIAL ACCESS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Allow CORP\Cert Publishers
SPECIAL ACCESS for userCertificate
WRITE PROPERTY
READ PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Public Information
WRITE PROPERTY
READ PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Personal Information
WRITE PROPERTY
READ PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for displayName
WRITE PROPERTY
READ PROPERTY
Allow BUILTIN\Terminal Server License Servers
SPECIAL ACCESS for terminalServer
WRITE PROPERTY
READ PROPERTY
Allow BUILTIN\Windows Authorization Access Group
SPECIAL ACCESS for tokenGroupsGlobalAndUniversal
READ PROPERTY
Allow NT AUTHORITY\SELF
Change Password
Allow CORP\UnityMsgStoreSvc
Send As
Permissions inherited to subobjects are:
Inherited to all subobjects
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS
LIST CONTENTS
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Public Information
WRITE PROPERTY
READ PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Personal Information
WRITE PROPERTY
READ PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for displayName
WRITE PROPERTY
READ PROPERTY

The command completed successfully

Permissions on the domain root (dsacls dc=corp,dc=local):

Access list:
Effective Permissions on this object are:
Allow BUILTIN\Administrators
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow NT AUTHORITY\Authenticated Users
SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow CORP\Domain Admins
SPECIAL ACCESS
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow CORP\Enterprise Admins
FULL CONTROL
Allow Everyone
SPECIAL ACCESS
READ PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS
READ PERMISSONS
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS
LIST CONTENTS
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS
LIST CONTENTS
Allow NT AUTHORITY\SYSTEM
FULL CONTROL
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS
READ PERMISSONS
READ PROPERTY
Allow CORP\unityinstall
SPECIAL ACCESS for organizationalUnit
CREATE CHILD
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for displayName
WRITE PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for groupType
WRITE PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Personal Information
WRITE PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Public Information
WRITE PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS for Domain Password & Lockout Policies
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS for Other Domain Parameters (for use by SAM)
READ PROPERTY
Allow NT AUTHORITY\Authenticated Users
SPECIAL ACCESS for Other Domain Parameters (for use by SAM)
READ PROPERTY
Allow BUILTIN\Administrators
Manage Replication Topology
Allow BUILTIN\Administrators
Replication Synchronization
Allow BUILTIN\Administrators
Replicating Directory Changes
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Manage Replication Topology
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Replication Synchronization
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Replicating Directory Changes
Allow CORP\Exchange Enterprise Servers
Manage Replication Topology
Allow CORP\Domain Controllers
Replicating Directory Changes All
Allow BUILTIN\Administrators
Replicating Directory Changes All
Allow BUILTIN\Incoming Forest Trust Builders
Create Inbound Forest Trust
Allow NT AUTHORITY\Authenticated Users
Update Password Not Required Bit
Allow NT AUTHORITY\Authenticated Users
Unexpire Password
Allow NT AUTHORITY\Authenticated Users
Enable Per User Reversibly Encrypted Password

Permissions inherited to subobjects are:
Inherited to all subobjects
Allow BUILTIN\Administrators
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow CORP\Enterprise Admins
FULL CONTROL
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS
LIST CONTENTS
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS
LIST CONTENTS
Allow CORP\unityinstall
SPECIAL ACCESS for organizationalUnit
CREATE CHILD
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for displayName
WRITE PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for groupType
WRITE PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Personal Information
WRITE PROPERTY
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS for Public Information
WRITE PROPERTY

Inherited to contact
Allow CORP\UnityMsgStoreSvc
Send As
Inherited to user
Allow CORP\UnityMsgStoreSvc
Send As
Inherited to group
Allow CORP\UnityDirSvc
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to contact
Allow CORP\UnityDirSvc
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to user
Allow CORP\UnityDirSvc
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Allow CORP\UnityDirSvc
Reset Password
Allow CORP\UnityDirSvc
Change Password
Inherited to group
Allow CORP\unityinstall
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to contact
Allow CORP\unityinstall
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to user
Allow CORP\unityinstall
Reset Password
Allow CORP\unityinstall
Change Password
Allow CORP\unityinstall
SPECIAL ACCESS
DELETE
READ PERMISSONS
WRITE PERMISSIONS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS for Remote Access Information
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS for General Information
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS for Group Membership
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS for Account Restrictions
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS for Logon Information
READ PROPERTY
Inherited to group
Allow BUILTIN\Pre-Windows 2000 Compatible Access
SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Inherited to user
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Inherited to group
Allow CORP\Exchange Enterprise Servers
SPECIAL ACCESS
READ PERMISSONS
WRITE PERMISSIONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
The command completed successfully


Kær kveðja / Best regards,
Jon Elias Thrainsson
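A way to reconcile what SDProp should have stamped against what it actually did, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module is available and uses the protected-group list and the corp.local domain from the post; it walks nested membership with LDAP_MATCHING_RULE_IN_CHAIN and separately handles primary-group membership (Domain Users nested in Print Operators, as in the post), which memberOf never reflects.

```powershell
Import-Module ActiveDirectory

# Protected groups from the post (MS 318180); 'Replicator' is the built-in group's sAMAccountName.
$protectedGroups = 'Enterprise Admins','Schema Admins','Domain Admins','Administrators',
    'Domain Controllers','Cert Publishers','Backup Operators','Replicator',
    'Server Operators','Account Operators','Print Operators'

$chain      = '1.2.840.113556.1.4.1941'   # LDAP_MATCHING_RULE_IN_CHAIN: transitive membership
$expected   = @{}   # user DN -> protected group that reaches it
$nestedRids = @{}   # primaryGroupToken (RID) of every group nested under a protected group

foreach ($name in $protectedGroups) {
    $g = Get-ADGroup -LDAPFilter "(sAMAccountName=$name)" -ErrorAction SilentlyContinue
    if (-not $g) { continue }
    # Users reachable through any depth of nesting via their memberOf attribute.
    Get-ADUser -LDAPFilter "(memberOf:$chain:=$($g.DistinguishedName))" |
        ForEach-Object { $expected[$_.DistinguishedName] = $name }
    # memberOf does not reflect a user's primary group, so also record the RIDs of
    # nested groups and resolve primaryGroupID against them below (Domain Users = RID 513).
    Get-ADGroup -LDAPFilter "(memberOf:$chain:=$($g.DistinguishedName))" -Properties primaryGroupToken |
        ForEach-Object { $nestedRids[$_.primaryGroupToken] = $name }
}
foreach ($rid in $nestedRids.Keys) {
    Get-ADUser -LDAPFilter "(primaryGroupID=$rid)" | ForEach-Object {
        if (-not $expected.ContainsKey($_.DistinguishedName)) {
            $expected[$_.DistinguishedName] = $nestedRids[$rid]
        }
    }
}

# Actual state: users SDProp has stamped, and whether their inheritance is really blocked.
$flagged    = Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount, nTSecurityDescriptor
$flaggedDns = @{}
foreach ($u in $flagged) {
    $flaggedDns[$u.DistinguishedName] = $true
    if (-not $u.nTSecurityDescriptor.AreAccessRulesProtected) {
        "adminCount=1 but inheritance NOT blocked: $($u.DistinguishedName)"
    }
}
# Reachable but unstamped: the gap described in the post (2300 expected, ~300 found).
foreach ($dn in $expected.Keys) {
    if (-not $flaggedDns.ContainsKey($dn)) { "reachable via $($expected[$dn]) but adminCount not set: $dn" }
}
# Stamped but no longer reachable: stale adminCount left behind after a group removal.
foreach ($dn in $flaggedDns.Keys) {
    if (-not $expected.ContainsKey($dn)) { "adminCount=1 but not in any protected group: $dn" }
}
"$($expected.Count) users reachable from protected groups, $($flagged.Count) stamped with adminCount=1"
```

Run it as a Domain Admin on a domain controller; the three report categories separate a genuine SDProp gap (reachable, unstamped) from the more common leftover state (stamped, no longer reachable) before touching any ACLs.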
 
