Solved

Cannot unlock Domain user account

Posted on 2014-01-29
4
2,000 Views
Last Modified: 2014-01-29
Cannot unlock Domain user account

we used to have user1 as member of domain admins group, then we removed him.

we have user2 that we delegated unlock accounts privileges, he can unlock all domain users account, but he cannot unlock user1 account, it shows grayed out.

User1 has been logged off many times after his acount was removed from domain admins group, but user2 still cannot unlock user1 account


all domain controller are local in the LAN and in the same site.


Any help?

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 39819359
is user 1 a member of the domain users security group?
0
 

Author Comment

by:jskfan
ID: 39819444
<<is user 1 a member of the domain users security group? >>

Yes
0
 

Author Comment

by:jskfan
ID: 39819706
this fixed it:

http://enterpriseadminanon.blogspot.com/2009/05/that-admincount-adminsdholder-and.html


If you are using adsiedit.msc, you should take the following steps:
•Right click the user (or group) and select Properties.
•On the Attribute Editor tab, find the admincount attribute. Select it and click the [Edit] button. Click on the
button (or set the value to 0 if you want the historical artifact). Click [Ok].
•Select the Security tab
•Click on the [Advanced] button. Click on the [Default] button. This will restore the removed permissions PLUS it will put a check mark next to the “Allow inheritable permissions…” box, which you want.
•Click on [Ok] until you close out that user’s properties
0
 

Author Closing Comment

by:jskfan
ID: 39819852
thanks for responding
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question