Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 290
  • Last Modified:

Access denied to own account in Active Directory

I am having a wierd issue.  Anytime I try to make any change to my account in AD I get access denied.  If I try to move the account to a different OU or change the security of it i get the same error.  Inssuffient access rights to perform the operation.  I am in the domain admins and enterprise admins group.  Is there a way I can reset the permissions on my account?
0
Serenea Carpenter
Asked:
Serenea Carpenter
  • 8
  • 5
1 Solution
 
GeodashCommented:
Are you doing it in ADUC? Try right clicking and running as admin when you launch ADUC instead of double clicking it.
0
 
MaximumIQCommented:
You can try Geodash's suggestion, then go to the security tab of your User Properties window, Click Advanced and you should see a Restore Defaults button. If you still get denied trying to do that, I'd recommend doing this from a Domain Controller
0
 
Serenea CarpenterAuthor Commented:
I tried changing this to default after starting ADUC as administrator which is our default admin user which is also part of the enterprise admins group and it still says access denied.  THis was done on a domain controller through RDP.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
GeodashCommented:
Log on as a different admin via RDP to make the change on your own account.
0
 
Serenea CarpenterAuthor Commented:
I tried that as well.
0
 
GeodashCommented:
Can you connect to a different DC and try? Do you have more than 1 DC?
0
 
Serenea CarpenterAuthor Commented:
Same results on all of them.  Logged in as different enterprise admin other than myself.
0
 
GeodashCommented:
Run ACLDiag.exe to diagnose and check for discrepancies in the permissions of the objects in AD

See if there is something wrong with the object

http://technet.microsoft.com/en-us/library/cc755388.aspx
0
 
GeodashCommented:
Login as a different admin > Reset the persmission on your account > Remove yourself as a domain admin save > re-add as a domain admin > test
0
 
Serenea CarpenterAuthor Commented:
when I try to remove myself from domain admins i get Inssufficient access rights to perform the operation.  I have tried this as myself and built in administrator user that is also an enterpise and domain admin.
0
 
Serenea CarpenterAuthor Commented:
Error: failed to write security information into the Active Directory .   Unable
 to fix delegation.

This is what i get when I run alcdiag /chkdeleg /fixdeleg against my account.  I am doing this logged into a domain controller as enterprise admin.
0
 
Serenea CarpenterAuthor Commented:
Schema Defaults Diagnosis
        Schema defaults: Partial

Also getting this when I run acldiag /schema
0
 
Serenea CarpenterAuthor Commented:
Fixed the problem.  We had quest change auditor installed on the domain controllers.  When we removed the program the issue went away.
0
 
Serenea CarpenterAuthor Commented:
Fixed on my own.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 8
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now