how to undo authenticated users denied access on AD

Hi guys,

I was trying to prevent access to AD to standard users and by mistake I gave authenticated ussers denied access to AD, now I cannot access AD with any of my domain or enterprise admins. what can I do to undo that action? Please I need help as soon as possible.. thanks in advance!!
goodwill1Asked:
Who is Participating?
 
Daryl BamforthTechnical ExpertCommented:
Missed your second one.  

Authenticated Users is a special built in domain security group.  You should not be deleting or disabling this group.

When you say you are trying to prevent access to AD to standard users do you mean you want to prevent them from being able to use a management tool to read the directory?  If this is the case then have a read of this.

http://www.windowsecurity.com/articles/Active-Directory-information-exposed-users.html
(warning, it does ramble a bit :P)

For users to be able to properly authenticate against AD they do need read rights to quite a significant chunk.  You can, however, look at setting some of the attributes as confidential (see http://support.microsoft.com/kb/922836).

I hope that helps, but if I am way off mark can you please elaborate on exactly what you were intending to accomplish by removing the Authenticated Users group.
0
 
goodwill1Author Commented:
Hi guys, I got it fixed.. my heart is pumping again!! i was scared already. what I did I disconnect the PDC from the network that was the server I did the change. when I go to my secondary server the changed was not sync yet so I added authenticated users and gave it full access to AD. then I restarted the PDC DC and login again and did a manual sync and all was back up again. I was able to go to AD and just give authenticated users read access. now my question is if I delete authenticated users from AD access. it will be ok or I will loose connetion to AD as a domain admin since domain admin are also autheticated users?
Thanks
0
 
Daryl BamforthTechnical ExpertCommented:
Glad you got it working.  This is one of the type of instances that slow syncing can be a blessing :)

If this happens again and does get synced, you can attempt recovery using directory services restore mode.

With physical access to server, reboot, Press F8 just after POST and use the password you set when you installed AD. (If you cannot remember it you can reset it using an offline NT password reset disk.)

Open up AD users and computers, fix permissions, reboot.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
lauchangkwangCommented:
>> now my question is if I delete authenticated users from AD access. it will be ok or I will loose connetion to AD as a domain admin since domain admin are also autheticated users?

Normally the process is "Disable" the user / group first , then after a period of time, then only delete the account / group.

Possible to print screen and post the picture here for the authenticad users group ??
0
 
lauchangkwangCommented:
Just to let you know, before you delete / disable any acc. or group in AD, make sure it is correct then only do it, or else you might be in trouble, base on your question here, it seems like your admin acc. also get restricted from the denied access. Normally if you want to prevent access, it should from the user group (where got a list of users there), not from the authenticated users list.
0
 
goodwill1Author Commented:
Thanks a lot Unori and  lauchangkwang. Yes Im glad the replication was quick enough. and yhes you are right I need to be sure before I made a big change like that..  and yes what I need to do is prevent users from accesing AD via de admin tool in case anyone have it installed. I appreciated your quick response guys. have a greate day!!
0
 
goodwill1Author Commented:
great response time.. thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.