Solved

Access denied to own account in Active Directory

Posted on 2012-04-05
14
281 Views
Last Modified: 2012-06-27
I am having a wierd issue.  Anytime I try to make any change to my account in AD I get access denied.  If I try to move the account to a different OU or change the security of it i get the same error.  Inssuffient access rights to perform the operation.  I am in the domain admins and enterprise admins group.  Is there a way I can reset the permissions on my account?
0
Comment
Question by:Serenea Carpenter
  • 8
  • 5
14 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37813359
Are you doing it in ADUC? Try right clicking and running as admin when you launch ADUC instead of double clicking it.
0
 
LVL 4

Expert Comment

by:MaximumIQ
ID: 37813379
You can try Geodash's suggestion, then go to the security tab of your User Properties window, Click Advanced and you should see a Restore Defaults button. If you still get denied trying to do that, I'd recommend doing this from a Domain Controller
0
 

Author Comment

by:Serenea Carpenter
ID: 37813708
I tried changing this to default after starting ADUC as administrator which is our default admin user which is also part of the enterprise admins group and it still says access denied.  THis was done on a domain controller through RDP.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813714
Log on as a different admin via RDP to make the change on your own account.
0
 

Author Comment

by:Serenea Carpenter
ID: 37813727
I tried that as well.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813743
Can you connect to a different DC and try? Do you have more than 1 DC?
0
 

Author Comment

by:Serenea Carpenter
ID: 37813778
Same results on all of them.  Logged in as different enterprise admin other than myself.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 9

Expert Comment

by:Geodash
ID: 37813804
Run ACLDiag.exe to diagnose and check for discrepancies in the permissions of the objects in AD

See if there is something wrong with the object

http://technet.microsoft.com/en-us/library/cc755388.aspx
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37813812
Login as a different admin > Reset the persmission on your account > Remove yourself as a domain admin save > re-add as a domain admin > test
0
 

Author Comment

by:Serenea Carpenter
ID: 37823112
when I try to remove myself from domain admins i get Inssufficient access rights to perform the operation.  I have tried this as myself and built in administrator user that is also an enterpise and domain admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823201
Error: failed to write security information into the Active Directory .   Unable
 to fix delegation.

This is what i get when I run alcdiag /chkdeleg /fixdeleg against my account.  I am doing this logged into a domain controller as enterprise admin.
0
 

Author Comment

by:Serenea Carpenter
ID: 37823293
Schema Defaults Diagnosis
        Schema defaults: Partial

Also getting this when I run acldiag /schema
0
 

Accepted Solution

by:
Serenea Carpenter earned 0 total points
ID: 37856951
Fixed the problem.  We had quest change auditor installed on the domain controllers.  When we removed the program the issue went away.
0
 

Author Closing Comment

by:Serenea Carpenter
ID: 37877347
Fixed on my own.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now