Need an easy way to change security on all AD users

Posted on 2009-07-06
Last Modified: 2012-05-07
Hi, I just installed BlackBerry Enterprise Server. Part of the install requires granting the besadmin AD account "SendAs" permission to the root of Active Directory.

After I did this I found that the permission was not propagating down to the users. The only way I have found to fix it is to go to each user and check the box to allow inheritable permissions from the parent to propagate to this object.

I need an easier way to make this change to ALL of my users at once. The users are spread around in many OUs. I cannot afford to set this on a user-by-user basis.

Thanks!
Question by:susnewyork

Accepted Solution

by: Rick Fee
Rick Fee earned 1000 total points
ID: 24786998
I usually run a command on the DC to set up Send As permissions, but this can take up to 90 minutes to take place.

dsacls "cn=adminsdholder,cn=system,dc=youraddomain,dc=local" /G "Domain\BESadmin:CA;Send As"  

Assisted Solution

by:Rick Fee
Rick Fee earned 1000 total points
ID: 24787094
I usually do this on all the BES servers I work on.    

dsacls is part of the Support Tools. I usually stop the BES router service for 20 minutes after running the command.

As you probably figured, you need to customize:

dc=youraddomain
dc=local
Domain\BESadmin    
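An added read-only check, not part of the original posts: it shows who holds Send As on AdminSDHolder and lists the user accounts that block inheritance, with their adminCount value. It assumes the RSAT ActiveDirectory PowerShell module and its AD: drive; the function and variable names are illustrative.

```powershell
# Added example: read-only audit, changes nothing in the directory.
# Assumes the RSAT ActiveDirectory module (Get-ADUser, Get-ADDomain, AD: drive).
Import-Module ActiveDirectory

# rightsGuid of the "Send As" extended (control access) right.
$sendAsGuid = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'
$extRight   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-SendAsTrustee {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Allow ACEs that grant Send As, or all extended rights (empty ObjectType).
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.ActiveDirectoryRights -band $extRight) -and
            ($_.ObjectType -eq $sendAsGuid -or $_.ObjectType -eq [guid]::Empty)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

$domainDn = (Get-ADDomain).DistinguishedName
$holderDn = "CN=AdminSDHolder,CN=System,$domainDn"

'Send As trustees on AdminSDHolder:'
Get-SendAsTrustee -DistinguishedName $holderDn

# Users whose security descriptor is protected, i.e. the
# "include inheritable permissions" box is unchecked.
Get-ADUser -Filter * -Properties adminCount |
    ForEach-Object {
        $acl = Get-Acl -Path "AD:\$($_.DistinguishedName)"
        if ($acl.AreAccessRulesProtected) {
            [pscustomobject]@{
                User           = $_.SamAccountName
                # adminCount = 1 marks accounts stamped from AdminSDHolder;
                # it can stay set after a user leaves a protected group.
                AdminCount     = $_.adminCount
                SendAsTrustees = (Get-SendAsTrustee $_.DistinguishedName) -join '; '
            }
        }
    } |
    Sort-Object AdminCount, User |
    Format-Table -AutoSize
```

Accounts listed with an empty AdminCount had inheritance disabled by something other than AdminSDHolder, so an ACE added to AdminSDHolder does not reach them. Any unexpected trustee in the first list holds Send As over every protected account and is worth reviewing.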
