locked
Update-AdmPwdADSchema: The user has insufficient access rights (how do I add a server parameter)? RRS feed

  • Question

  • I'm trying to run this command for LAPS:

     Update-AdmPwdADSchema

    I am part of enterprise admins, schema admins and domain admins yet I can't run this as I get an insufficient rights error. I am running this as powershell admin on the FSMO schema master. Another thread mentioned to add the -server parameter but I am not sure how to do this.

     Update-AdmPwdADSchema -Server 'serverA' tells me that server is not a valid parameter. I can't find ANY real resources on how to add this via powershell.

    Tuesday, January 16, 2018 3:56 PM

Answers

  • Never mind, just didn't add myself to the schema level. Thanks!
    • Marked as answer by jrv Thursday, September 5, 2019 11:43 PM
    Thursday, September 5, 2019 11:30 PM

All replies

  • Hi,

    Based on my research, I'd like to explain that there may have no needs to run this command on another server. Once AD Schema update is complete, it will be synchronized in the domain through AD replication.
    In this case, I recommend checking under Schema partition via ADSI Edit to see if the permissions are normal, the following figure for your reference:


    If you need further help, please feel free to let us know.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, January 17, 2018 6:52 AM
  • Hi,

    Just want to confirm the current situations. Have you tried the method provided before?

    If you already tried them or the issue remains after trying them, please don’t hesitate to tell me. I will do more research and try my best to give you helpful suggestions.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, January 19, 2018 2:38 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    Appreciate for your feedback.

    Best Regards,
    Albert

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, January 23, 2018 5:56 AM
  • You need to perform this on the Schema Master.
    Monday, February 12, 2018 8:23 PM
  • Sorry, I'm late to the scene, but I'm also having this issue. checked the schema properties, but it's grayed out - is that the issue? I've tried domain and enterprise level accounts. Please advise... 
    Thursday, September 5, 2019 11:24 PM
  • Never mind, just didn't add myself to the schema level. Thanks!
    • Marked as answer by jrv Thursday, September 5, 2019 11:43 PM
    Thursday, September 5, 2019 11:30 PM