Solved

OU for Contractor Users is "locked out". How do I undo?

Posted on 2011-02-24
4
343 Views
Last Modified: 2012-05-11
Win2k3r2

I come into work today and none of the contractors can log in. They get an error their account is locked. So i go into AD users and look at the users and the accounts are NOT locked. However what's strange is I can't modify any of these users. Everything is greyed out and if I even try to reset Password I am told "access is denied". I can't even move the users to a different OU.

Currently we have Top OU-Employee, under that we have OU-Contractor, OU-Baseline, OU- NetworkAdmin, OU-Visitors.  The only OU that seems to have it's contents affected is the Contractors.  I can't do ANYTHING in the OU, not even create something new or move or copy.

I compared the OU's "Security" and they all look identical.

Ideas on how to give me back access?  yes I am my domainAdmin account.
0
Comment
Question by:MushroomStamp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34973297
I would copy that OU into a temp_OU. Then I would delete it or rename it. Then create the OU again and repopulate it. See if that helps.
0
 

Author Comment

by:MushroomStamp
ID: 34973512
There is no way to copy the OU or move it or its contents. Not that I can find anyway.  I could recreate the users in another OU, but I really need to understand this problem beause I have no idea how it happened or how to correct if it happens again. What happens if it happened to the main employee folder. Recreating each user isn't the answer.

I'm hoping there has to be some command line way of reseting rights back.
0
 

Accepted Solution

by:
MushroomStamp earned 0 total points
ID: 34973624
Not sure what the answer is, but I have solved the issue.
0
 

Author Closing Comment

by:MushroomStamp
ID: 35005316
Not sure why this started working.. I had tried many things. But it works now.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question