Ok, now if anyone ISN'T paying attention, this is why access to domain controllers should be explicitly and closely controlled.
The power was used properly here, now consider someone who has access on a DC so they can set up shares or load software or a million other silly reasons to give out access to a domain controller to a non-Enterprise Admin at a local site... Oh don't worry, they don't have any power to hurt anything... joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of clister Sent: Tuesday, June 01, 2004 11:59 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] HELP URGENT how to recover exch2000 admin account d eleted Problem solved!! I have assigned system full rigths access on domain controller, then Ive installed mmc for admin exchange, I ran mmc as system account by means of 'at' command and then delegate my exchange organization to other account so I succeded on getting admin access to exchange, so recovering. El Martes, 1 de Junio de 2004 11:14, Nicolas Blank escribió: > Exchange Server 2003 Deployment Guide - page 84/85 > > The account you use to run ForestPrep must be a member of the > Enterprise Administrator and the Schema Administrator groups. While > you are running ForestPrep, you designate an account or group that has > Exchange Full Administrator permissions to the organization object. > This account or group has the authority to install and manage Exchange > 2003 throughout the forest. This account or group also has the > authority to delegate additional Exchange Full Administrator > permissions after the first server is installed. > > ..... > > Exchange Server 2003 Deployment Guide - page 86 > > DomainPrep creates the groups and permissions necessary for Exchange > servers to read and modify user attributes. > > > > Exchange Server 2003 Deployment Guide - > > http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/dep > gu > ide.mspx > > > > The functionality described above has not changed significantly since > Exchange 2000. Hope that helps. > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: 01 June 2004 08:05 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin > account d eleted > > > > I think Domain Prep will do in reassiging those rights instead of > Forest Prep. Please correct me if I am wrong. > > Regards, > Mohammed Athif Khaleel > Asst.Network Engineer > AlFaisaliah Group Information Technology > Tel.: +966-1-461-0077 x.209 > Moble.: +966-509774015 > Email: [EMAIL PROTECTED] > "Save Internet, Keep all the systems patched" > Web: http://alfaisaliah.com > > > > -----Original Message----- > From: Nicolas Blank [mailto:[EMAIL PROTECTED] > Sent: Monday, 31 May 2004 8:17 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] HELP URGENT how to recover exch2000 admin > account d eleted > > > > Authoritive restore or if you can't recover this puppy, re-run forest > prep and nominate another account. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Clist > Sent: 31 May 2004 06:20 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] HELP URGENT how to recover exch2000 admin account > deleted > > I have deleted the exch2000 administrator account, > > how can i revover this account? > > Thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
