Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Access denied to own account in Active Directory

Posted on 2012-04-05
14
Medium Priority
?
288 Views
Last Modified: 2012-06-27
I am having a wierd issue.  Anytime I try to make any change to my account in AD I get access denied.  If I try to move the account to a different OU or change the security of it i get the same error.  Inssuffient access rights to perform the operation.  I am in the domain admins and enterprise admins group.  Is there a way I can reset the permissions on my account?
0
Comment
Question by:Serenea Carpenter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
14 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37813359
Are you doing it in ADUC? Try right clicking and running as admin when you launch ADUC instead of double clicking it.
0
 
LVL 4

Expert Comment

by:MaximumIQ
ID: 37813379
You can try Geodash's suggestion, then go to the security tab of your User Properties window, Click Advanced and you should see a Restore Defaults button. If you still get denied trying to do that, I'd recommend doing this from a Domain Controller
0
 

Author Comment

by:Serenea Carpenter
ID: 37813708
I tried changing this to default after starting ADUC as administrator which is our default admin user which is also part of the enterprise admins group and it still says access denied.  THis was done on a domain controller through RDP.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 9

Expert Comment

by:Geodash
ID: 37813714
Log on as a different admin via RDP to make the change on your own account.
0
 

Author Comment

by:Serenea Carpenter
ID: 37813727
I tried that as well.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813743
Can you connect to a different DC and try? Do you have more than 1 DC?
0
 

Author Comment

by:Serenea Carpenter
ID: 37813778
Same results on all of them.  Logged in as different enterprise admin other than myself.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813804
Run ACLDiag.exe to diagnose and check for discrepancies in the permissions of the objects in AD

See if there is something wrong with the object

http://technet.microsoft.com/en-us/library/cc755388.aspx
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813812
Login as a different admin > Reset the persmission on your account > Remove yourself as a domain admin save > re-add as a domain admin > test
0
 

Author Comment

by:Serenea Carpenter
ID: 37823112
when I try to remove myself from domain admins i get Inssufficient access rights to perform the operation.  I have tried this as myself and built in administrator user that is also an enterpise and domain admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823201
Error: failed to write security information into the Active Directory .   Unable
 to fix delegation.

This is what i get when I run alcdiag /chkdeleg /fixdeleg against my account.  I am doing this logged into a domain controller as enterprise admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823293
Schema Defaults Diagnosis
        Schema defaults: Partial

Also getting this when I run acldiag /schema
0
 

Accepted Solution

by:
Serenea Carpenter earned 0 total points
ID: 37856951
Fixed the problem.  We had quest change auditor installed on the domain controllers.  When we removed the program the issue went away.
0
 

Author Closing Comment

by:Serenea Carpenter
ID: 37877347
Fixed on my own.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question