Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Domain Administrator being blocked on domain controller

Posted on 2008-10-24
2
Medium Priority
?
538 Views
Last Modified: 2012-05-05
weird thing, logged in as domain administrator I cannot open administrative tools/Active Directory Users and computers.  I get a C:\windows\system32\dsa.msc, I get the same thing with Domain Security Policy, and a bunch other.  I've checked the permission on the file and i'm in there but no luck.  Any ideas???
0
Comment
Question by:ibtaya
2 Comments
 
LVL 7

Expert Comment

by:cmarandi
ID: 22800645
check your local policies... START / RUN / GPEDIT.MSC

Go to Windows Settings / security settings / local policies / user rights.

besides other settings, check the log on locally... anywhere there is administrator, make sure it's adminsitrator@domain.com or \\domain\administrator and not just administrator.



Also, in the DSA.MSC, right click the domain, and choose to delegate ... make sure the domain admin is listed in there.
0
 
LVL 2

Accepted Solution

by:
ibtaya earned 0 total points
ID: 22886261
tried that no luck.  It's everything in the c:\windows\system32 folder that this happening to.  I can add them through MMC but can't open them from the "normal" locations.  I've even tried opening MMC, adding the AD users and computers, deleting the dsa.msc from c:\windows\system32, then saving my open mmc as dsa.msc and it saves fine.  But when I go to open the newly saved dsa.msc, get the same error.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question