?
Solved

Need an easy way to change security on all AD users

Posted on 2009-07-06
2
Medium Priority
?
299 Views
Last Modified: 2012-05-07
Hi, I just installed BlackBerry Enterprise Server. Part of the install requires granting the besadmin AD account "SendAs" permission to the root of Active Directory.

After I did this I found that the permission was not propagating down to the users. The only way I have found to fix is to go to each user and check the box to allow inheritable permissions from the parent to propagate to this object.

I need an easier way to make this change to ALL of my users at once. The users are spread around in many OUs. I cannot afford to set this on a user by user basis.

Thanks!
0
Comment
Question by:susnewyork
  • 2
2 Comments
 
LVL 20

Accepted Solution

by:
Rick Fee earned 1000 total points
ID: 24786998
 I usually run an command on the DC to setup send as permissions, BUT this can take up to 90 minutes to take place.

dsacls "cn=adminsdholder,cn=system,dc=youraddomain,dc=local" /G "Domain\BESadmin:CA;Send As"  
0
 
LVL 20

Assisted Solution

by:Rick Fee
Rick Fee earned 1000 total points
ID: 24787094
I usually do this on all the BES servers I work on.    

dsacls in part of the support tools.    I usually stop the BES router service for 20 minutes after running the command.

As you probably figure you need to customize:

dc=youraddomain
dc=local
Domain\BESadmin    
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question