Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Need an easy way to change security on all AD users

Posted on 2009-07-06
2
Medium Priority
?
294 Views
Last Modified: 2012-05-07
Hi, I just installed BlackBerry Enterprise Server. Part of the install requires granting the besadmin AD account "SendAs" permission to the root of Active Directory.

After I did this I found that the permission was not propagating down to the users. The only way I have found to fix is to go to each user and check the box to allow inheritable permissions from the parent to propagate to this object.

I need an easier way to make this change to ALL of my users at once. The users are spread around in many OUs. I cannot afford to set this on a user by user basis.

Thanks!
0
Comment
Question by:susnewyork
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 20

Accepted Solution

by:
Rick Fee earned 1000 total points
ID: 24786998
 I usually run an command on the DC to setup send as permissions, BUT this can take up to 90 minutes to take place.

dsacls "cn=adminsdholder,cn=system,dc=youraddomain,dc=local" /G "Domain\BESadmin:CA;Send As"  
0
 
LVL 20

Assisted Solution

by:Rick Fee
Rick Fee earned 1000 total points
ID: 24787094
I usually do this on all the BES servers I work on.    

dsacls in part of the support tools.    I usually stop the BES router service for 20 minutes after running the command.

As you probably figure you need to customize:

dc=youraddomain
dc=local
Domain\BESadmin    
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question