Solved

Access denied to own account in Active Directory

Posted on 2012-04-05
14
284 Views
Last Modified: 2012-06-27
I am having a wierd issue.  Anytime I try to make any change to my account in AD I get access denied.  If I try to move the account to a different OU or change the security of it i get the same error.  Inssuffient access rights to perform the operation.  I am in the domain admins and enterprise admins group.  Is there a way I can reset the permissions on my account?
0
Comment
Question by:Serenea Carpenter
  • 8
  • 5
14 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37813359
Are you doing it in ADUC? Try right clicking and running as admin when you launch ADUC instead of double clicking it.
0
 
LVL 4

Expert Comment

by:MaximumIQ
ID: 37813379
You can try Geodash's suggestion, then go to the security tab of your User Properties window, Click Advanced and you should see a Restore Defaults button. If you still get denied trying to do that, I'd recommend doing this from a Domain Controller
0
 

Author Comment

by:Serenea Carpenter
ID: 37813708
I tried changing this to default after starting ADUC as administrator which is our default admin user which is also part of the enterprise admins group and it still says access denied.  THis was done on a domain controller through RDP.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 9

Expert Comment

by:Geodash
ID: 37813714
Log on as a different admin via RDP to make the change on your own account.
0
 

Author Comment

by:Serenea Carpenter
ID: 37813727
I tried that as well.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813743
Can you connect to a different DC and try? Do you have more than 1 DC?
0
 

Author Comment

by:Serenea Carpenter
ID: 37813778
Same results on all of them.  Logged in as different enterprise admin other than myself.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813804
Run ACLDiag.exe to diagnose and check for discrepancies in the permissions of the objects in AD

See if there is something wrong with the object

http://technet.microsoft.com/en-us/library/cc755388.aspx
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813812
Login as a different admin > Reset the persmission on your account > Remove yourself as a domain admin save > re-add as a domain admin > test
0
 

Author Comment

by:Serenea Carpenter
ID: 37823112
when I try to remove myself from domain admins i get Inssufficient access rights to perform the operation.  I have tried this as myself and built in administrator user that is also an enterpise and domain admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823201
Error: failed to write security information into the Active Directory .   Unable
 to fix delegation.

This is what i get when I run alcdiag /chkdeleg /fixdeleg against my account.  I am doing this logged into a domain controller as enterprise admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823293
Schema Defaults Diagnosis
        Schema defaults: Partial

Also getting this when I run acldiag /schema
0
 

Accepted Solution

by:
Serenea Carpenter earned 0 total points
ID: 37856951
Fixed the problem.  We had quest change auditor installed on the domain controllers.  When we removed the program the issue went away.
0
 

Author Closing Comment

by:Serenea Carpenter
ID: 37877347
Fixed on my own.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question