Solved

Access denied to own account in Active Directory

Posted on 2012-04-05
14
280 Views
Last Modified: 2012-06-27
I am having a wierd issue.  Anytime I try to make any change to my account in AD I get access denied.  If I try to move the account to a different OU or change the security of it i get the same error.  Inssuffient access rights to perform the operation.  I am in the domain admins and enterprise admins group.  Is there a way I can reset the permissions on my account?
0
Comment
Question by:Serenea Carpenter
  • 8
  • 5
14 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37813359
Are you doing it in ADUC? Try right clicking and running as admin when you launch ADUC instead of double clicking it.
0
 
LVL 4

Expert Comment

by:MaximumIQ
ID: 37813379
You can try Geodash's suggestion, then go to the security tab of your User Properties window, Click Advanced and you should see a Restore Defaults button. If you still get denied trying to do that, I'd recommend doing this from a Domain Controller
0
 

Author Comment

by:Serenea Carpenter
ID: 37813708
I tried changing this to default after starting ADUC as administrator which is our default admin user which is also part of the enterprise admins group and it still says access denied.  THis was done on a domain controller through RDP.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813714
Log on as a different admin via RDP to make the change on your own account.
0
 

Author Comment

by:Serenea Carpenter
ID: 37813727
I tried that as well.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813743
Can you connect to a different DC and try? Do you have more than 1 DC?
0
 

Author Comment

by:Serenea Carpenter
ID: 37813778
Same results on all of them.  Logged in as different enterprise admin other than myself.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 9

Expert Comment

by:Geodash
ID: 37813804
Run ACLDiag.exe to diagnose and check for discrepancies in the permissions of the objects in AD

See if there is something wrong with the object

http://technet.microsoft.com/en-us/library/cc755388.aspx
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813812
Login as a different admin > Reset the persmission on your account > Remove yourself as a domain admin save > re-add as a domain admin > test
0
 

Author Comment

by:Serenea Carpenter
ID: 37823112
when I try to remove myself from domain admins i get Inssufficient access rights to perform the operation.  I have tried this as myself and built in administrator user that is also an enterpise and domain admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823201
Error: failed to write security information into the Active Directory .   Unable
 to fix delegation.

This is what i get when I run alcdiag /chkdeleg /fixdeleg against my account.  I am doing this logged into a domain controller as enterprise admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823293
Schema Defaults Diagnosis
        Schema defaults: Partial

Also getting this when I run acldiag /schema
0
 

Accepted Solution

by:
Serenea Carpenter earned 0 total points
ID: 37856951
Fixed the problem.  We had quest change auditor installed on the domain controllers.  When we removed the program the issue went away.
0
 

Author Closing Comment

by:Serenea Carpenter
ID: 37877347
Fixed on my own.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now