Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 322
  • Last Modified:

how to disable 'protected' group

Within our AD sctructure, I've discovered that a security group named "company employees" has been protected. Get-ADGroup -LDAPFilter "(objectcategory=group)(admincount=1)" proved this to be true.

This is preventing our help desk from changing passwords. I understand this isn't desired by any means. I'm just trying to fix it. How can I un-protect this group?
0
rareguy
Asked:
rareguy
  • 2
  • 2
1 Solution
 
Mike KlineCommented:
You can set admincount back to 0 using adsiedit

This is all because of adminsdholder and the DS team had a good entry on it

http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspx

They linked to Michael Smith's blog which is also worth reading.

Thanks

Mike
0
 
rareguyAuthor Commented:
Thanks, giving that a try
0
 
rareguyAuthor Commented:
That worked, Thanks!
0
 
Mike KlineCommented:
Excellent, good work to make the change
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now