Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Using DSACLS to modify AdminSDHolder

Posted on 2009-07-10
5
Medium Priority
?
1,108 Views
Last Modified: 2012-05-07
Ok, the short and simple of what I'm trying to do is set up a domain admin's account so that other people within the domain can send as that user.  Reason being is that whenever we have an event here, at the end of the night our folks will generate a report, and then send it off to our clients.  However, it needs to appear as though the report came directly from the owner, so need to have send as permissions for all these folks.  Easiest way that I've figured to do this is create a group that contains everyone that would need to send as the user, then add it to the security for them and check the 'send as' right.  Tricky part that I've run into is the user is a domain admin, so AdminSDHolder removes the group every hour.  I've done some reading and discovered I'll need to use dsacls to get around this.  With that in mind I came up with the following command:

dsacls "cn=AdminSDHolder,cn=system,dc=mydomain,dc=local" /G "netbiosdomain\user:CA;Send As"

What I'd like to know is wether or not I've figured this out right.  By running that command would that allow me to add the security group, check send as, and expect it to stick?  Most everything I've seen so far is in regard to service accounts for blackberries, so seemed a little different than what I'm going for.  Thanks!
0
Comment
Question by:sstoyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 10

Accepted Solution

by:
abraham808 earned 1500 total points
ID: 24825982
Read this: http://support.microsoft.com/kb/907434
It should be fine.  Are you using any accounts from protected groups:

Administrators
Account Operators
Server Operators
Print Operators
Backup Operators
Domain Admins
Schema Admins
Enterprise Admins
Cert Publishers?  

Those rights get reset.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24826039
Check this MS KB for syntax
http://support.microsoft.com/kb/907434
0
 
LVL 10

Expert Comment

by:abraham808
ID: 24826050
oh yeah theres no space

SendAs
0
 

Author Comment

by:sstoyer
ID: 24826051
Yes, the user that I'm trying to add the rights to is a member of the domain admins group.
0
 

Author Comment

by:sstoyer
ID: 24826723
Ok, think I've had some success here, so gonna post my results for posterity :)  To get this to work correctly I had to run the commands from the kb article with the following line tacked onto the bottom:

dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=local" /G "\SENDAS:CA;Send As"

Where SENDAS is the group where I've added all the folks that need to send as the user.  After waiting an hour for the reset it looks like the security settings are gonna take.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question