{"id":345,"date":"2012-05-14T13:01:08","date_gmt":"2012-05-14T12:01:08","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/isg\/?p=345"},"modified":"2012-05-14T13:01:08","modified_gmt":"2012-05-14T12:01:08","slug":"restoring-permissions-on-an-ad-objects-to-domainenterprise-administrators","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/isg\/?p=345","title":{"rendered":"Restoring permissions on an AD objects to Domain\/Enterprise Administrators"},"content":{"rendered":"<p>I recently accidently set added Authenticated Users = Deny Read on GPO object.\u00a0As &#8216;Deny&#8217; \u00a0ACEs take priority over &#8216;Allow&#8217; everyone was blocked including Domain and Enterprise Administrators!<\/p>\n<p>After some\u00a0research, trial and error we\u00a0found\u00a0that the following procedure can be used to restore permissions back to Domain Administrators.<\/p>\n<ol>\n<li>Log on the PDC emulator as Domain Admin.<\/li>\n<li>Get the DN of the problem object(s)<\/li>\n<li>Run an elevated command prompt<\/li>\n<li>Run <strong>dsacls &lt;dn&gt; \/R &#8220;DOMAIN\\Domain Admins&#8221;<br \/>\n<\/strong><\/li>\n<li>Run <strong>dsacls &lt;dn&gt; \/G &#8220;DOMAIN\\Domain Admins&#8221;:GA<br \/>\n<\/strong><\/li>\n<li>Locate the system object in the AD. GPOs are in the System Container.<\/li>\n<li>Restore permissions for the object.<\/li>\n<li>Check the \u00a0object\u2019s folder within SYSVOL and verify the permissions are up to date. If not then restore the permissions here too (I actually did this between 5\u00a0 and 6 but according to Internet sources step 7 will do this).<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>I recently accidently set added Authenticated Users = Deny Read on GPO object.\u00a0As &#8216;Deny&#8217; \u00a0ACEs take priority over &#8216;Allow&#8217; everyone was blocked including Domain and Enterprise Administrators! After some\u00a0research, trial and error we\u00a0found\u00a0that the following procedure can be used to &hellip; <a href=\"https:\/\/blogs.ncl.ac.uk\/isg\/?p=345\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":4740,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","hentry","category-activedirectory"],"_links":{"self":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts\/345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/users\/4740"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=345"}],"version-history":[{"count":3,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts\/345\/revisions"}],"predecessor-version":[{"id":348,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=\/wp\/v2\/posts\/345\/revisions\/348"}],"wp:attachment":[{"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/isg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}