none
Unable to delete a AD Container Access is Denied

    Question

  • Hi All,

    I am a domain admin of a AD Domain.

    It seems i messed up a permission of 1 specific container in AD.

    So post removing the permissions it seems that the AD Container is hidden fro view.

    I went to ADSI Edit and i see it there as White notepad object as below:

    I am trying to delete it or to re add the permissions back but it is failing to do so.

    Can any one help me in getting the container deleted as i cannot create a new one as it says it is already there. 

    Tuesday, April 18, 2017 10:10 PM

Answers

  • Hi There,

    Login to the Domain controller.

    Download PSexec tool from the PS Tools site:

    https://technet.microsoft.com/en-us/sysinternals/pstools.aspx?f=255&MSPPError=-2147217396

    Now extract PSexec and then use the below command to switch to the Domain controllers System account and not with your Domain admin account.

    PsExec.exe -s -i cmd.exe

    Now open adsiedit.msc using the new command prompt and you should be able to modify the permissions of the object using the Domain controllers System account.


    Gautam.75801


    Tuesday, April 18, 2017 10:20 PM

All replies

  • Hi There,

    Login to the Domain controller.

    Download PSexec tool from the PS Tools site:

    https://technet.microsoft.com/en-us/sysinternals/pstools.aspx?f=255&MSPPError=-2147217396

    Now extract PSexec and then use the below command to switch to the Domain controllers System account and not with your Domain admin account.

    PsExec.exe -s -i cmd.exe

    Now open adsiedit.msc using the new command prompt and you should be able to modify the permissions of the object using the Domain controllers System account.


    Gautam.75801


    Tuesday, April 18, 2017 10:20 PM
  • Hi Gautam,

    Thanks a lot. That worked, I dint know that the Domain controllers System account had that level of permissions.

    Wednesday, April 19, 2017 3:02 AM