Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton2017-09-27 12:54:48
Active Directory
Anton, 2017-09-27 12:54:48

How to change the value of the adminCount attribute in AD?

Hello.
For 2008r2, DC created a built-in group for first line tech support agents. Their task is simple - to arrange the values ​​in the fields of the "User" object, namely, description, room, phone. Through delegation gave them such rights.
But, some users are in protected groups, which is indicated by the attribute adminCount = "1" and you cannot change the information in their fields.
How can this problem be solved? I think there must be some permission in the delegation, but what?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vorp, 2020-09-29
@hunk3r

You can remove protection, but the object must not be in protected groups. We make sure that it is not, and:

  1. Change the value of the admincount attribute to 0
  2. We allow inheritance in the security settings of the user object.

Similar questions
A
Alex2018-04-23 14:18:03
Smart card authentication in Active Directory, are user passwords still used? 1Reply
V
Vladimir Kivva2012-10-14 03:56:31
What is the easiest way to transfer machines in a domain from Windows 7 to 8? 1Reply
N
Nikita Sizov2015-12-17 17:54:18
How are notebook DNS records updated in Active Directory? 4Reply
D
Denis Sechin2015-12-21 16:15:41
How to correctly differentiate user rights? 2Reply
P
Pavel2015-12-24 12:31:34
When running explorer.exe, it gives Windows Server 2012R2 Application Server Error? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question