Solved

Need an easy way to change security on all AD users

Posted on 2009-07-06
Last Modified: 2012-05-07
Hi, I just installed BlackBerry Enterprise Server. Part of the install requires granting the besadmin AD account "SendAs" permission to the root of Active Directory.

After I did this I found that the permission was not propagating down to the users. The only way I have found to fix it is to go to each user and check the box to allow inheritable permissions from the parent to propagate to this object.

I need an easier way to make this change to ALL of my users at once. The users are spread around in many OUs. I cannot afford to set this on a user by user basis.

Thanks!
Question by:susnewyork
2 Comments
 

Accepted Solution

by:
EndureKona earned 250 total points
ID: 24786998
I usually run a command on the DC to set up Send As permissions, but this can take up to 90 minutes to take place.

dsacls "cn=adminsdholder,cn=system,dc=youraddomain,dc=local" /G "Domain\BESadmin:CA;Send As"  

Assisted Solution

by:EndureKona
EndureKona earned 250 total points
ID: 24787094
I usually do this on all the BES servers I work on.

dsacls is part of the support tools. I usually stop the BES router service for 20 minutes after running the command.

As you probably figured, you need to customize:

dc=youraddomain
dc=local
Domain\BESadmin    
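
An added example, not part of the original thread or the posters' own code: both the asker's symptom (inheritance unchecked on a user) and the Send As grant can be read from an object's security descriptor. The PowerShell below does that offline on constructed SDDL strings; the function name, sample DNs and SID are hypothetical.

```powershell
# Added example: report whether an AD object's DACL blocks inheritance and
# which trustees hold the Send As extended right. All sample data is constructed.
Add-Type -AssemblyName System.DirectoryServices

# Send-As control access right GUID (schema constant).
$SendAs = [Guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'
$Ext    = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-SendAsReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [Parameter(Mandatory)] [string] $Sddl
    )
    $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorSddlForm($Sddl)

    # An allow ACE for ExtendedRight grants Send As when it names the Send-As
    # GUID, or when the object type is empty (meaning all extended rights).
    $rules = $sd.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (($_.ActiveDirectoryRights -band $Ext) -eq $Ext) -and
            ($_.ObjectType -eq $SendAs -or $_.ObjectType -eq [Guid]::Empty)
        }

    [pscustomobject]@{
        DistinguishedName  = $DistinguishedName
        InheritanceBlocked = $sd.AreAccessRulesProtected   # the unchecked "inherit" box
        SendAsTrustees     = @($rules | ForEach-Object { $_.IdentityReference.Value })
        SendAsInherited    = @($rules | ForEach-Object { $_.IsInherited })
    }
}

# Constructed SID standing in for the besadmin account, and two constructed users.
$besSid  = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
$samples = @(
    @{ DN   = 'CN=Regular User,OU=Sales,DC=youraddomain,DC=local'      # inherits the ACE
       Sddl = "O:BAG:BAD:AI(OA;CIID;CR;$SendAs;;$besSid)" },
    @{ DN   = 'CN=Protected Admin,OU=IT,DC=youraddomain,DC=local'      # inheritance blocked
       Sddl = 'O:BAG:BAD:PAI(A;;RC;;;AU)' }
)
$samples | ForEach-Object { Get-SendAsReport -DistinguishedName $_.DN -Sddl $_.Sddl } | Format-List
```

On a domain-joined machine with the ActiveDirectory module, the SDDL can be taken from a user's `nTSecurityDescriptor` property via `GetSecurityDescriptorSddlForm('All')`. Any trustee the report lists on a privileged account can send mail as that account, so the output is worth reviewing after a grant on AdminSDHolder.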
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
A hard and fast method for reducing Active Directory Administrators members.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question