{"id":80,"date":"2006-10-11T15:44:20","date_gmt":"2006-10-11T03:44:20","guid":{"rendered":"http:\/\/craig.dubculture.co.nz\/blog\/2006\/10\/11\/windows-tools-you-didnt-know-about-dsaclsexe\/"},"modified":"2010-08-28T17:37:37","modified_gmt":"2010-08-28T16:37:37","slug":"windows-tools-you-didnt-know-about-dsaclsexe","status":"publish","type":"post","link":"http:\/\/craig.dubculture.co.nz\/blog\/2006\/10\/11\/windows-tools-you-didnt-know-about-dsaclsexe\/","title":{"rendered":"Windows utilities you didn't know about: dsacls.exe"},"content":{"rendered":"<p>If you set permissions to lock yourself out of an object in Active Directory (or your co-worker does it for you - hi Pete!) then you can use the support tool ADSIEDIT to fix it.<\/p>\n<p>Unless you've done something really difficult, like set DENY permission to \"NT AUTHORITY\\Authenticated Users\".<\/p>\n<p>The error was \"An invalid directory name was passed\" trying to change the properties on the object, which was also showing as a note, and not a container.<\/p>\n<p>A suggestion to <a href=\"http:\/\/groups.google.co.nz\/group\/microsoft.public.adsi.general\/msg\/7a108c1f12b8be71\">update the schema and clear the cache<\/a> didn't work; what did work eventually, was this gem of a command line, suggested but not entirely correctly spelt out by <a href=\"http:\/\/support.microsoft.com\/default.aspx?scid=kb;en-us;300444\">knowledge base article 300444<\/a>:<\/p>\n<pre>dsacls \"CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=SITE NAME ,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN\" \/I:T \/R \"NT AUTHORITY\\Authenticated Users\"<\/pre>\n<p>And they say Windows isn't a CLI OS.<\/p>\n<p>After using \/R to remove the ACL, you can use \/S to set it back to its inherited-from-parent ACL.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you set permissions to lock yourself out of an object in Active Directory (or your co-worker does it for you - hi Pete!) then you can use the support tool ADSIEDIT to fix it. Unless you've done something really difficult, like set DENY permission to \"NT AUTHORITY\\Authenticated Users\". The error was \"An invalid directory [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[66,68],"tags":[27,4],"_links":{"self":[{"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/posts\/80"}],"collection":[{"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/comments?post=80"}],"version-history":[{"count":1,"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/posts\/80\/revisions"}],"predecessor-version":[{"id":395,"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/posts\/80\/revisions\/395"}],"wp:attachment":[{"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/media?parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/categories?post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/craig.dubculture.co.nz\/blog\/wp-json\/wp\/v2\/tags?post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}