Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Using DSACLS to modify AdminSDHolder

Posted on 2009-07-10
5
1,043 Views
Last Modified: 2012-05-07
Ok, the short and simple of what I'm trying to do is set up a domain admin's account so that other people within the domain can send as that user.  Reason being is that whenever we have an event here, at the end of the night our folks will generate a report, and then send it off to our clients.  However, it needs to appear as though the report came directly from the owner, so need to have send as permissions for all these folks.  Easiest way that I've figured to do this is create a group that contains everyone that would need to send as the user, then add it to the security for them and check the 'send as' right.  Tricky part that I've run into is the user is a domain admin, so AdminSDHolder removes the group every hour.  I've done some reading and discovered I'll need to use dsacls to get around this.  With that in mind I came up with the following command:

dsacls "cn=AdminSDHolder,cn=system,dc=mydomain,dc=local" /G "netbiosdomain\user:CA;Send As"

What I'd like to know is wether or not I've figured this out right.  By running that command would that allow me to add the security group, check send as, and expect it to stick?  Most everything I've seen so far is in regard to service accounts for blackberries, so seemed a little different than what I'm going for.  Thanks!
0
Comment
Question by:sstoyer
  • 2
  • 2
5 Comments
 
LVL 10

Accepted Solution

by:
abraham808 earned 500 total points
ID: 24825982
Read this: http://support.microsoft.com/kb/907434
It should be fine.  Are you using any accounts from protected groups:

Administrators
Account Operators
Server Operators
Print Operators
Backup Operators
Domain Admins
Schema Admins
Enterprise Admins
Cert Publishers?  

Those rights get reset.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24826039
Check this MS KB for syntax
http://support.microsoft.com/kb/907434
0
 
LVL 10

Expert Comment

by:abraham808
ID: 24826050
oh yeah theres no space

SendAs
0
 

Author Comment

by:sstoyer
ID: 24826051
Yes, the user that I'm trying to add the rights to is a member of the domain admins group.
0
 

Author Comment

by:sstoyer
ID: 24826723
Ok, think I've had some success here, so gonna post my results for posterity :)  To get this to work correctly I had to run the commands from the kb article with the following line tacked onto the bottom:

dsacls "cn=adminsdholder,cn=system,dc=mydomain,dc=local" /G "\SENDAS:CA;Send As"

Where SENDAS is the group where I've added all the folks that need to send as the user.  After waiting an hour for the reset it looks like the security settings are gonna take.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question