This is AdminSDHolder object on the work. Active directory protects accounts that are part of specific systme groups, ba checking their premissions regullary (this is done py the PDC role owner). If permissions change on this objects, they are reverted back to what is written in AdminSDHolder object. More info can be found on http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318180
Regards Matjaz Ladava, MCSE, MCSA, MCT, MVP Microsoft MVP - Active Directory [EMAIL PROTECTED], [EMAIL PROTECTED] http://ladava.com ----- Original Message ----- From: "Myrick, Todd (NIH/CIT)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 03, 2003 7:29 PM Subject: [ActiveDir] LDAP wright to certains accounts not happening. > What is interesting is these accounts are a member of Domain Administrator. > > Also the permissions didn't propagate down to the child objects that are in > the Domain Administrator group. They propagated down to other objects child > user objects though in the users container. > > I went in an manually added the permissions to one of the accounts, and the > LDAP write operation still fails. > > Does anyone know if this is by design via the LDAP interface? They > developer isn't using ADSI. > > Thanks, > > Todd Myrick > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/