Solved

OU for Contractor Users is "locked out". How do I undo?

Posted on 2011-02-24
4
338 Views
Last Modified: 2012-05-11
Win2k3r2

I come into work today and none of the contractors can log in. They get an error their account is locked. So i go into AD users and look at the users and the accounts are NOT locked. However what's strange is I can't modify any of these users. Everything is greyed out and if I even try to reset Password I am told "access is denied". I can't even move the users to a different OU.

Currently we have Top OU-Employee, under that we have OU-Contractor, OU-Baseline, OU- NetworkAdmin, OU-Visitors.  The only OU that seems to have it's contents affected is the Contractors.  I can't do ANYTHING in the OU, not even create something new or move or copy.

I compared the OU's "Security" and they all look identical.

Ideas on how to give me back access?  yes I am my domainAdmin account.
0
Comment
Question by:MushroomStamp
  • 3
4 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34973297
I would copy that OU into a temp_OU. Then I would delete it or rename it. Then create the OU again and repopulate it. See if that helps.
0
 

Author Comment

by:MushroomStamp
ID: 34973512
There is no way to copy the OU or move it or its contents. Not that I can find anyway.  I could recreate the users in another OU, but I really need to understand this problem beause I have no idea how it happened or how to correct if it happens again. What happens if it happened to the main employee folder. Recreating each user isn't the answer.

I'm hoping there has to be some command line way of reseting rights back.
0
 

Accepted Solution

by:
MushroomStamp earned 0 total points
ID: 34973624
Not sure what the answer is, but I have solved the issue.
0
 

Author Closing Comment

by:MushroomStamp
ID: 35005316
Not sure why this started working.. I had tried many things. But it works now.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now