Results 1 to 11 of 11

Thread: Permissions on AD User accounts.

  1. #1
    Senior Member
    Join Date
    Aug 2005
    Location
    Surrey
    Posts
    299
    Thanks
    3
    Thanked
    4 times in 4 posts

    Permissions on AD User accounts.

    Hi,

    In our AD domain I have a sepertate OU with about 177 user accounts. These accounts should be inheriting permissions from the partent OU, but arn't.

    If I amend the permissions to these account so they are inheriting then after a few hours they go back to not inheriting.

    This works fine on another OU, but not this one.

    Any one have any ideas where to look as it's driving me nuts!

    Thanks,

    Mark
    Intel i5 2500K
    Gbyte Z68mx-ud3
    2x 4GB Corsair Vengance
    NEC ND3540A BLACK DVDR
    1TB HDD
    Sony SDM-HS75P 17" TFT
    Logitech Cordless Mouse and Keyboard LX700

  2. #2
    Splash
    Guest
    Sounds to me like you have a wonky GP in place somewhere - have you checked that?

    EDIT - http://www.microsoft.com/downloads/d...DisplayLang=en should be able to help you

  3. #3
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    how many dc's have you got ?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  4. #4
    Senior Member
    Join Date
    Aug 2005
    Location
    Surrey
    Posts
    299
    Thanks
    3
    Thanked
    4 times in 4 posts
    Quote Originally Posted by Moby-Dick
    how many dc's have you got ?
    177 at the moment

    Quote Originally Posted by Splash
    Sounds to me like you have a wonky GP in place somewhere - have you checked that?
    I have been thinking that but there are no GPO's linked to this OU that are not linked to the other ones that work. (I use the Group Policy Management Console currently)

    It's a 2003 domain with both the domain and forest funtion levels at Windows 2003.
    Intel i5 2500K
    Gbyte Z68mx-ud3
    2x 4GB Corsair Vengance
    NEC ND3540A BLACK DVDR
    1TB HDD
    Sony SDM-HS75P 17" TFT
    Logitech Cordless Mouse and Keyboard LX700

  5. #5
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    With that number of Domain Controllers you'll need to make sure that replication can complete in time or you'll have problems.

    how many sites?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  6. #6
    Splash
    Guest
    177 users with 177 DCs? Am I alone in think WTH?

  7. #7
    Senior Member
    Join Date
    Aug 2005
    Location
    Surrey
    Posts
    299
    Thanks
    3
    Thanked
    4 times in 4 posts
    Quote Originally Posted by Splash
    177 users with 177 DCs? Am I alone in think WTH?
    lol no, 177 DC's about 5,000 users in the whole domain there just happens to be the 177 user accounts in the offending OU.

    Quote Originally Posted by Moby-Dick
    With that number of Domain Controllers you'll need to make sure that replication can complete in time or you'll have problems.

    how many sites?
    160 odd sites. Hub and Spoke topoligy with our Head office being the hub.

    We have planned for this and AD replication is working with out and issues. I think this problem may have somehting to do with replication though.....
    Intel i5 2500K
    Gbyte Z68mx-ud3
    2x 4GB Corsair Vengance
    NEC ND3540A BLACK DVDR
    1TB HDD
    Sony SDM-HS75P 17" TFT
    Logitech Cordless Mouse and Keyboard LX700

  8. #8
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,665
    Thanks
    53
    Thanked
    385 times in 314 posts
    I did notice he said at the moment - so it sounds to me like a branch type topology with a test account for each server ( which presumably has been grouped into a site )

    eg my network at work is only about 2/3000 accounts but 500 DC's
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  9. #9
    Senior Member
    Join Date
    Aug 2005
    Location
    Surrey
    Posts
    299
    Thanks
    3
    Thanked
    4 times in 4 posts
    Quote Originally Posted by Moby-Dick
    I did notice he said at the moment - so it sounds to me like a branch type topology with a test account for each server ( which presumably has been grouped into a site )

    eg my network at work is only about 2/3000 accounts but 500 DC's
    Yep, that's pretty much it. Pain in the backside to manage, but not as bad as 500DC's!
    Intel i5 2500K
    Gbyte Z68mx-ud3
    2x 4GB Corsair Vengance
    NEC ND3540A BLACK DVDR
    1TB HDD
    Sony SDM-HS75P 17" TFT
    Logitech Cordless Mouse and Keyboard LX700

  10. #10
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,825
    Thanks
    161
    Thanked
    358 times in 288 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC
    May seem like a silly question, but have you had a look through the event logs?
    Also, how are your sites set up? Probably irrelevant but you never know
    Have you tried checking things from another DC (i.e. useing the GP manager to connect to a different DC and see what results you get?
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  11. #11
    Senior Member
    Join Date
    Aug 2005
    Location
    Surrey
    Posts
    299
    Thanks
    3
    Thanked
    4 times in 4 posts
    WooHoo found the answer, seems this is behaviour by design, oh joy!

    http://support.microsoft.com/kb/817433/en-us
    Intel i5 2500K
    Gbyte Z68mx-ud3
    2x 4GB Corsair Vengance
    NEC ND3540A BLACK DVDR
    1TB HDD
    Sony SDM-HS75P 17" TFT
    Logitech Cordless Mouse and Keyboard LX700

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Windows - a brief guide inside
    By Paul Adams in forum Software
    Replies: 31
    Last Post: 23-06-2007, 03:14 PM
  2. Real networking over "simple file sharing"
    By latrosicarius in forum Networking and Broadband
    Replies: 32
    Last Post: 05-04-2006, 11:09 PM
  3. Windows User Name & "My Documents"
    By Stumpy2 in forum Software
    Replies: 9
    Last Post: 30-03-2006, 03:20 PM
  4. Advice on Windows XP user accounts
    By Darkmatter in forum Software
    Replies: 4
    Last Post: 23-10-2003, 03:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •