Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton2017-09-27 12:54:48
Active Directory
Anton, 2017-09-27 12:54:48

How to change the value of the adminCount attribute in AD?

Hello.
For 2008r2, DC created a built-in group for first line tech support agents. Their task is simple - to arrange the values ​​in the fields of the "User" object, namely, description, room, phone. Through delegation gave them such rights.
But, some users are in protected groups, which is indicated by the attribute adminCount = "1" and you cannot change the information in their fields.
How can this problem be solved? I think there must be some permission in the delegation, but what?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vorp, 2020-09-29
@hunk3r

You can remove protection, but the object must not be in protected groups. We make sure that it is not, and:

  1. Change the value of the admincount attribute to 0
  2. We allow inheritance in the security settings of the user object.

Similar questions
S
Stalker4uk2017-05-25 16:06:19
Which windows server to choose and what to put there? 0Reply
L
lochost1272019-10-26 19:22:44
Downgrading a domain controller? 1Reply
D
Dim2017-05-29 09:51:09
What is the difference between inheritance of rights and selection of objects of application? 0Reply
G
graymonstr2015-06-17 16:41:16
How to deploy printers to client PCs via GPO? 1Reply
M
Misha Shav2019-11-02 14:25:27
How to run a windows script in elevated privileges via GPO? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question