Cannot unlock Domain user account
Cannot unlock Domain user account
we used to have user1 as member of domain admins group, then we removed him.
we have user2 that we delegated unlock accounts privileges, he can unlock all domain users account, but he cannot unlock user1 account, it shows grayed out.
User1 has been logged off many times after his acount was removed from domain admins group, but user2 still cannot unlock user1 account
all domain controller are local in the LAN and in the same site.
Any help?
Thanks
we used to have user1 as member of domain admins group, then we removed him.
we have user2 that we delegated unlock accounts privileges, he can unlock all domain users account, but he cannot unlock user1 account, it shows grayed out.
User1 has been logged off many times after his acount was removed from domain admins group, but user2 still cannot unlock user1 account
all domain controller are local in the LAN and in the same site.
Any help?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
this fixed it:
http://enterpriseadminanon.blogspot.com/2009/05/that-admincount-adminsdholder-and.html
If you are using adsiedit.msc, you should take the following steps:
•Right click the user (or group) and select Properties.
•On the Attribute Editor tab, find the admincount attribute. Select it and click the [Edit] button. Click on the
button (or set the value to 0 if you want the historical artifact). Click [Ok].
•Select the Security tab
•Click on the [Advanced] button. Click on the [Default] button. This will restore the removed permissions PLUS it will put a check mark next to the “Allow inheritable permissions…” box, which you want.
•Click on [Ok] until you close out that user’s properties
http://enterpriseadminanon.blogspot.com/2009/05/that-admincount-adminsdholder-and.html
If you are using adsiedit.msc, you should take the following steps:
•Right click the user (or group) and select Properties.
•On the Attribute Editor tab, find the admincount attribute. Select it and click the [Edit] button. Click on the
button (or set the value to 0 if you want the historical artifact). Click [Ok].
•Select the Security tab
•Click on the [Advanced] button. Click on the [Default] button. This will restore the removed permissions PLUS it will put a check mark next to the “Allow inheritable permissions…” box, which you want.
•Click on [Ok] until you close out that user’s properties
ASKER
thanks for responding
ASKER
Yes