A good explanation at http://social.technet.microsoft.com/wiki/contents/articles/22331.adminsdholder-protected-groups-and-security-descriptor-propagator.aspx
Once you have made the change through ADSIEdit to set adminCount to 0, then enable inheritance in AD under the user account properties.

Rami

From: [email protected] [mailto:[email protected]] On Behalf Of J- P
Sent: Tuesday, June 17, 2014 7:26 PM
To: [email protected]
Subject: [NTSysADM] ADSIEdit- access denied

So ever since our Exchange 2013 server has been deployed, anytime a user updates their phone OS or gets a new telephone they can't reconnect to Exchange. The 100% surefire way is to open ADSIEdit, expand the user and delete the user's Exchange container that contains information regarding the older (retired) phones.

Hasn't failed till today. This user is a domain admin, and when I try to "fix it" I get access denied. Is it because he's an AD admin as well, or did he possibly "inadvertently" alter some permissions?

Jean-Paul Natola
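Added example, not part of the original thread: a read-only PowerShell audit that lists every user stamped adminCount=1, whether ACL inheritance is blocked on the object, and whether the account still sits in a group that is itself flagged adminCount=1. It assumes the RSAT ActiveDirectory module and read access to the domain; the function names are hypothetical, and treating "group has adminCount=1" as "group is protected" is an approximation.

```powershell
# Added example: read-only audit, changes nothing in the directory.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# LDAP_MATCHING_RULE_IN_CHAIN: resolves nested group membership server-side.
$InChain = '1.2.840.113556.1.4.1941'

function ConvertTo-LdapFilterValue {
    # Escape characters that are special inside an LDAP filter (RFC 4515).
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Get-AdminCountReport {
    # Every user currently stamped adminCount=1, with its security descriptor.
    $users = Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount, nTSecurityDescriptor

    foreach ($u in $users) {
        $dn = ConvertTo-LdapFilterValue $u.DistinguishedName

        # Groups flagged adminCount=1 that contain this user, directly or nested.
        # Approximation: a group can keep a stale adminCount=1 as well, and
        # membership through primaryGroupID is not visible in 'member'.
        $groups = @(Get-ADGroup -LDAPFilter "(&(adminCount=1)(member:$($InChain):=$dn))")

        [pscustomobject]@{
            SamAccountName     = $u.SamAccountName
            # True means the ACL does not inherit from the parent OU, so
            # permissions delegated at the OU level do not reach this object.
            InheritanceBlocked = $u.nTSecurityDescriptor.AreAccessRulesProtected
            ProtectedGroups    = ($groups.Name -join '; ')
            StillProtected     = ($groups.Count -gt 0)
        }
    }
}

Get-AdminCountReport |
    Sort-Object StillProtected, SamAccountName |
    Format-Table -AutoSize
```

Rows with StillProtected False are leftovers where clearing adminCount and re-enabling inheritance will hold. Rows with StillProtected True are still covered by AdminSDHolder, so the security descriptor propagator will reapply the protected ACL on its next run.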

