Administrator Accounts Not Visible from Third Party AD-connected Systems
Our Active Directory was born to Windows 2000 and has migrated through to its current functional level of 2008 R2.
We are experiencing an issue with 3 different non-Windows systems that are AD-connected. On an iMac, NAS and, most recently, vCenter’s Single Sign-On, none of our administrator accounts can be seen by these systems. All other non-administrator accounts and groups are visible from these systems.
The iMac is used by a non-admin user. The NAS and vCenter/vSphere are used exclusively by domain admins.
We’ve used AD’s Attribute Editor to change the AdminCount attribute to ‘not set’ for a test admin account but the other systems continue to be unable to find the account. Eventually the AdminCount attribute is changed back to 1 (we understand this is protection built into AD).
Is this the default behavior of AD, or an ACL that was set at some point in the past which is preventing admin accounts from being visible to these other systems? If the latter, can you point me to which object(s) are involved?
We are experiencing an issue with 3 different non-Windows systems that are AD-connected. On an iMac, NAS and, most recently, vCenter’s Single Sign-On, none of our administrator accounts can be seen by these systems. All other non-administrator accounts and groups are visible from these systems.
The iMac is used by a non-admin user. The NAS and vCenter/vSphere are used exclusively by domain admins.
We’ve used AD’s Attribute Editor to change the AdminCount attribute to ‘not set’ for a test admin account but the other systems continue to be unable to find the account. Eventually the AdminCount attribute is changed back to 1 (we understand this is protection built into AD).
Is this the default behavior of AD, or an ACL that was set at some point in the past which is preventing admin accounts from being visible to these other systems? If the latter, can you point me to which object(s) are involved?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if you use 'domain\david-standard you can authenticate but domain\david-admin can't be authenticated?