First forgive my ignorance, I didn't that the group should only exist in the forest root domain. But how is it possible that CHILDDOMAIN\Incoming Forest Trust Builders has permissions on the child domain in ADUC when there shouldn't be a CHILDDOMAIN\Incoming Forest Trust Builders?
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Matheesha Weerasinghe > Sent: Monday, August 14, 2006 19:37 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Recreate BUILTIN\Incoming Forest > Trust Builders > > Its only in the forest domain IIRC ;-) > > M@ > > > On 8/14/06, Han Valk <[EMAIL PROTECTED]> wrote: > > No??? Child domain. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Matheesha Weerasinghe > > Sent: Monday, August 14, 2006 17:38 > > To: ActiveDir@mail.activedir.org > > Subject: Re: [ActiveDir] Recreate BUILTIN\Incoming Forest > > Trust Builders > > > > By the way you are looking for this on the forest root right? > > > > M@ > > > > > > On 8/14/06, Han Valk <[EMAIL PROTECTED]> wrote: > > > > Yep logged in as Domain Admin. > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] > On Behalf Of > > > Matheesha Weerasinghe > > > Sent: Monday, August 14, 2006 13:00 > > > To: ActiveDir@mail.activedir.org > > > Subject: Re: [ActiveDir] Recreate > BUILTIN\Incoming Forest > > > Trust Builders > > > > > > I am wondering if there are ACLs defined on > the group itself > > > or the OU above to prevent you from seen it. > Do you see it as > > > the Administrator account of the domain? > > > > > > M@ > > > > > > > > > On 8/14/06, Han Valk < [EMAIL PROTECTED] > > <mailto: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > wrote: > > > > > > Problem is I don't see it anymore in the BUILTIN > > > container. Strange thing is > > > that if I look at the security of the > domain object in > > > ADUC Incoming Forest > > > Trust Builders is there. > > > > > > > -----Original Message----- > > > > From: > [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > > > [mailto: [EMAIL PROTECTED] > > > <mailto: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > ] On Behalf Of > > > > Matheesha Weerasinghe > > > > Sent: Monday, August 14, 2006 10:22 > > > > To: ActiveDir@mail.activedir.org > <mailto:ActiveDir@mail.activedir.org> > > > > Subject: Re: [ActiveDir] Recreate > > BUILTIN\Incoming Forest > > > > Trust Builders > > > > > > > > I dont think so. objectsid attribute > is a systemonly > > > > attribute. Personally I am impressed > of that "smart > > > > co-worker" that managed to delete it. > > According to the AD > > > > Delegation appendices > > > > > > > > http://www.microsoft.com/downloads/details.aspx?FamilyID=29dba > > > > e88-a216-45f9-9739-cb1fb22a0642&DisplayLang=en > > > > > > <http://www.microsoft.com/downloads/details.aspx?FamilyID=29db > > > > ae88-a216-45f9-9739-cb1fb22a0642&DisplayLang=en> its > > > not > possible to move > > > delete rename this group. > > > > > > > > May be he exploited the dynamic objects > > feature in Windows > > > > 2003 RTM? > > > > > > > > > > http://blogs.dirteam.com/blogs/tomek/archive/2006/06/23/1175.aspx > > > > > > > > > > > > M@ > > > > > > > > > > > > > > > > On 8/14/06, Han Valk < > [EMAIL PROTECTED]> wrote: > > > > > > > > Hi, > > > > > > > > A smart co-worker deleted the > > BUILTIN\Incoming Forest > > > > Trust Builders group. > > > > Is it possible to recreate this group > > with the same > > > > well known SID? > > > > Authoritative restore is out of > the question, > > > > deletetion is too long ago. > > > > > > > > Han Valk. > > > > List info : > > http://www.activedir.org/List.aspx > > <http://www.activedir.org/List.aspx> > > > > List FAQ : > > http://www.activedir.org/ListFAQ.aspx > > > > List archive: > > http://www.activedir.org/ml/threads.aspx > > <http://www.activedir.org/ml/threads.aspx> > > > > > > > > > > > > > > > > > > > List info : http://www.activedir.org/List.aspx > > > <http://www.activedir.org/List.aspx > > > > List FAQ : > http://www.activedir.org/ListFAQ.aspx > > > List archive: > http://www.activedir.org/ml/threads.aspx > <http://www.activedir.org/ml/threads.aspx> > > > > > > > > > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ml/threads.aspx > > > > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
