Access Denied creating user accounts through vba

Similar Messages

• Creating user accounts through ARD3 on client machines

  Hello. I am trying to create a secondary local admin account on some machines that are running ARD3/OS X 10.4.8. Right now, I am using only one machine as a test before attempting this on the several hundred machines I need to do this on.
  I used this old thread as a reference:
  http://discussions.apple.com/thread.jspa?messageID=1112351&#1112351
  Using these instructions, I am able to connect to the ARD client machines and send them the UNIX commands as root. Here are the commands I am using in order:
  echo 'admin2::512:512::0:0:admin2:/Users/admin2:/bin/bash' | niload -v passwd /
  echo 'admin2:*:512:admin2' | niload -v group /
  niutil -appendprop / /groups/admin users admin2
  Using these commands, I can successfully create a user account named "admin2", with no password, create a group named admin2, and also make user admin2 a member of the admin group.
  The problem I am having is using the passwd command through ARD. The passwd username command requires you to type the password in twice and you get the following output:
  New password:
  Changing password for admin2.
  Password unchanged.
  I have also attempted to add the password in the first command that is sent in Field 2, like so:
  echo 'admin2:password:512:512::0:0:admin2:/Users/admin2:/bin/bash' | niload -v passwd /
  However, when I try to login, it will not let me login using the pasword I specified the above command. The only way this works is if I execute the passwd command.
  Is there any way in ARD that I can change a user password on another machine -or- is there a syntax for the passwd command that I can use to change the password without entering it twice?
  Any help would be greatly appreciated. I would email the author of the solution "shayaan", but an email address is not listed and the original thread is locked.
  Thanks,
  Jason

  found answer in another thread.

• How do I access my encrypted User Account files from my Back Up hard drive?  Time Machine  was used to create the back up disk; File Vault was used to encrypt the files.

  How do I access my encrypted User Account files from my Back Up hard drive?  Time Machine  was used to create the back up disk; File Vault was used to encrypt the files.

  Thanks.  I will try going through TM.  Since my Simpletech is on the way out, I'll be plugging in a new external hard drive (other than the back-up drive) and trying to restore the library to the new drive.  Any advice or warning if this is NOT the right thing to do?
  Meanwhile, that is a great tip to do an alternate back-up using a different means.  It's been tough to figure out how to "preserve access" to digital images and files for posterity, knowing the hardware will always fail/obsolesce sooner or later, and that "clouds" are only as good as their consistent and reliable accessibility.  Upping the odds with redundancy will help dull the edge of my "access anxiety", though logically, it can never relieve it.  Will look into
  Carbon Copy Cloner.

• : Could not create connection; - nested throwable: (java.sql.SQLException: Access denied for user 'adobe'@'localhost' (using password: YES))

  hi all can anyone help me i am geting Exception while starting LCES server
  : Could not create connection; - nested throwable: (java.sql.SQLException: Access denied for user 'adobe'@'localhost' (using password: YES))

  hi all can anyone help me i am geting Exception while starting LCES server
  : Could not create connection; - nested throwable: (java.sql.SQLException: Access denied for user 'adobe'@'localhost' (using password: YES))

• Creating windows user account through java

  Hi,
  Is it possible to manage(create/edit/delete) windows user account through java.
  Where in the java program is used to create windows accouunt on the same machine.....
  I did that with the net command and running the net command in java.... is there any better approch to this problem
  Regds
  sandy

  I have heard something about the JDesktop, will it be
  possible if i use the JDesktop,How would I know, it's not a standard library. Go and have a look at it.

• [solved] mysql suddenly access denied for user root ..

  Hi folk,
  I am in total panic right now!
  As of an hour ago i suddenly got 'Error establishing a database connection' from all of my sites
  I then first tried to login through phpmyadmin but got #1045 Cannot log in to the MySQL server
  I then tried to login through the terminal but got ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
  I am not really sure where to find solutions because primarily this error is on new installs:
  I have tried the following :
  mysql_safe --skip-grant-tables
  [odp@odp ~]$ sudo mysqld_safe --skip-grant-tables &
  [4] 3181
  [odp@odp ~]$ 140115 19:43:50 mysqld_safe Logging to '/var/lib/mysql/odp.err'.
  140115 19:43:50 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
  140115 19:43:52 mysqld_safe mysqld from pid file /var/lib/mysql/odp.pid ended
  [4] Done sudo mysqld_safe --skip-grant-tables
  here is the odp.err
  140115 19:25:41 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
  140115 19:25:41 InnoDB: The InnoDB memory heap is disabled
  140115 19:25:41 InnoDB: Mutexes and rw_locks use GCC atomic builtins
  140115 19:25:41 InnoDB: Compressed tables use zlib 1.2.8
  140115 19:25:41 InnoDB: Using Linux native AIO
  140115 19:25:41 InnoDB: Initializing buffer pool, size = 128.0M
  140115 19:25:41 InnoDB: Completed initialization of buffer pool
  140115 19:25:41 InnoDB: highest supported file format is Barracuda.
  140115 19:25:41 InnoDB: Waiting for the background threads to start
  140115 19:25:42 Percona XtraDB (http://www.percona.com) 5.5.34-MariaDB-31.1 started; log sequence number 38562281
  140115 19:25:42 [Note] Plugin 'FEEDBACK' is disabled.
  140115 19:25:42 [ERROR] /usr/bin/mysqld: unknown option '--skip-grant-tables'
  140115 19:25:42 [ERROR] Aborting
  140115 19:25:42 InnoDB: Starting shutdown...
  140115 19:25:42 InnoDB: Shutdown completed; log sequence number 38562281
  140115 19:25:42 [Note] /usr/bin/mysqld: Shutdown complete
  140115 19:25:42 mysqld_safe mysqld from pid file /var/lib/mysql/odp.pid ended
  140115 19:35:48 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
  140115 19:35:48 InnoDB: The InnoDB memory heap is disabled
  140115 19:35:48 InnoDB: Mutexes and rw_locks use GCC atomic builtins
  140115 19:35:48 InnoDB: Compressed tables use zlib 1.2.8
  140115 19:35:48 InnoDB: Using Linux native AIO
  140115 19:35:48 InnoDB: Initializing buffer pool, size = 128.0M
  140115 19:35:48 InnoDB: Completed initialization of buffer pool
  InnoDB: Unable to lock ./ibdata1, error: 11
  InnoDB: Check that you do not already have another mysqld process
  InnoDB: using the same InnoDB data or log files.
  140115 19:35:48 InnoDB: Retrying to lock the first data file
  InnoDB: Unable to lock ./ibdata1, error: 11
  InnoDB: Check that you do not already have another mysqld process
  InnoDB: using the same InnoDB data or log files.
  140115 19:37:28 InnoDB: Unable to open the first data file
  InnoDB: Error in opening ./ibdata1
  140115 19:37:28 InnoDB: Operating system error number 11 in a file operation.
  InnoDB: Error number 11 means 'Resource temporarily unavailable'.
  InnoDB: Some operating system error numbers are described at
  InnoDB: http://dev.mysql.com/doc/refman/5.5/en/operating-system-error-codes.html
  140115 19:37:28 InnoDB: Could not open or create data files.
  140115 19:37:28 InnoDB: If you tried to add new data files, and it failed here,
  140115 19:37:28 InnoDB: you should now edit innodb_data_file_path in my.cnf back
  140115 19:37:28 InnoDB: to what it was, and remove the new ibdata files InnoDB created
  140115 19:37:28 InnoDB: in this failed attempt. InnoDB only wrote those files full of
  140115 19:37:28 InnoDB: zeros, but did not yet use them in any way. But be careful: do not
  140115 19:37:28 InnoDB: remove old data files which contain your precious data!
  140115 19:37:28 [ERROR] Plugin 'InnoDB' init function returned error.
  140115 19:37:28 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
  140115 19:37:28 [ERROR] mysqld: Can't lock aria control file '/var/lib/mysql/aria_log_control' for exclusive use, error: 11. Will retry for 30 seconds
  I have also tried the solution where you move the ibdata1 and copy it back with -a to no success.
  The result of mysqld_safe --skip-grant-tabels
  [odp@odp ~]$ mysqld_safe --skip-grant-tabels &
  [4] 3555
  [odp@odp ~]$ 140115 19:49:21 mysqld_safe Logging to '/var/lib/mysql/odp.err'.
  touch: cannot touch '/var/lib/mysql/odp.err': Permission denied
  chmod: cannot access '/var/lib/mysql/odp.err': Permission denied
  140115 19:49:21 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
  /usr/bin/mysqld_safe: line 138: /var/lib/mysql/odp.err: Permission denied
  rm: cannot remove '/var/lib/mysql/odp.pid': Permission denied
  /usr/bin/mysqld_safe: line 182: /var/lib/mysql/odp.err: Permission denied
  touch: cannot touch '/var/lib/mysql/odp.err': Permission denied
  chown: cannot access '/var/lib/mysql/odp.err': Permission denied
  chmod: cannot access '/var/lib/mysql/odp.err': Permission denied
  140115 19:49:21 mysqld_safe mysqld from pid file /var/lib/mysql/odp.pid ended
  /usr/bin/mysqld_safe: line 138: /var/lib/mysql/odp.err: Permission denied
  [4] Exit 1 mysqld_safe --skip-grant-tables
  any advice is greatly appreciated
  Last edited by odp (2014-01-15 19:46:39)

  OK super random, it works now.
  First off I too took and added skip-grant-tables to [mysqld] /etc/mysql/my.cnf
  restarted mysqld and finally had passwordless login. From within mysql i ran
  UPDATE mysql.user SET Password=PASSWORD('password') WHERE User='root';
  FLUSH PRIVILEGES;

• Creating User Accounts So I Can Set Parental Controls?

  My nine year old son loves to use YouTube to watch video game videos and apparently there are NO parental controls or any kind of filters on YouTube. The majority of the ones he finds are ok but there's about 15% that are just plain shocking even to me. Its pretty sad the things that people put up there. I hate to have him never be able to get online again so I want to set some sort of filter where I can block content according to keyword but I just cant figure it out at all. So I tried to set controls over the whole MacBook but it tells me that as administrator I cannot. I cant figure out how to create non-admin users though. Searched all the forums and guides, etc. but no answer.
  Thanks, so in summary, I just want to know how to create user accounts if thats the right term.
  I am using a MacBook, running Mac OSX version 10.4.11.

  Hi
  Apple menu (top left hand corner) > System Preferences > Accounts. Click the lock to authenticate. Just above the lock are two icons; a 'plus' and 'minus'. Click the 'plus' icon. Enter the name of your son, tab down into the next field and that should autofill for you with the information you placed in the name field; tab down again and enter a password; tab again to key in the password again; don't tick the box that says "allow user to administer this computer"; click 'Create Account'. You should be prompted with a window asking if you want to leave automatic login on or if you want to turn it off - turn it off. You'll see why later on. What you should see after this has finished is in the left hand window at the top your account details with your name and underneath it should 'Admin' and below your account details will be your son's. Underneath his name it should say 'Standard'.
  Click on his name to select it and now click on the Parental Controls tab on the right hand side of that window. You should now have the option to enable and configure control for the 5 applications listed there: Mail, Finder & System, iChat, Safari and Dictionary. Explore and configure to your hearts content from there. When you are happy quit out of System Preferences and select Log out from the Apple Menu. You should now be presented with the Login Window displaying not only your account but also the newly created one for your son. Log in s your son and test to see if what you've set as a control has worked. Keep going backwards and forwards between the two accounts until you are happy.
  Bear in mind there is only so much you can do.
  It's virtually impossible to block everything potentially morally harmful without basically stopping your son from having any access at all. You could look at supplementing Parental Controls with the built-in filters in your router - if you have one? If you don't then consider getting one. I'm struggling to think of a router for residential use that does not have some sort of built-in web filter?
  The tab button is the key immediately to the left of the 'Q' key. It will have an arrow going from left to right printed on it.
  Tony

• Suspect Adobe ARM creating user account

  Hello
  I was helping a user with a problem about 2 days ago. The problem is that everytime Windows reboots the netbook shows a newly created User Account called icsokern.
  The user has a Samsung netbook, Windows 7 Starter & Service Pack 1 as well as ESET AV.
  Trying to delete the account doesn't make any difference as the account is recreated after a reboot. However, securing the account I put in a password as well as changed the login time access to 0. When I try to change the applications that the user account can access I see only Adobe ARM as ticked. No other application is ticked. This leads me to believe that Adobe ARM could be creating this account, but there is no logical explanation why?
  Checking for a malware reveals no alerts. No quarantined files and Windows' Event Viewer shows no alerts regarding system or application errors.
  Having said the above I decided to ask on the Adobe forum to see if anyone else has had this experience and if so what did they do to fix this?
  w

  Latest Adobe ARM installs task in the Windows Task Scheduler.
  If you see this task, can you try to disable it and check if new User account gets created?
  If new account no longer created after task is disabled, you can conclude that Task Scheduler does it for some reason, which will need to be investigated.

• MySQL connection with OWB 11gR2 results in "access denied for user"

  Hello,
  I just try to establish a connection to a MySQL database with OWB 11gR2, but I always get the error "access denied for user...". I did the things written on [http://blogs.oracle.com/warehousebuilder/2010/01/owb_11gr2_mysql_open_connectivity.html] and I also used the platform configuration from this description. Newest JDBC driver was downloaded and I put the jar-file into the folder OWB_HOME/owb/lib/ext. The definition of the MySQL platform worked and the entry "MySQL" was created in OWB, but no connection can be established. I also tried other tools like MySQL Administrator in order to find out whether the problem is caused by network configuration or sth. like that, but with this tool the connection works.
  OWB is installed on OpenSuse 11.1 64bit. Does anyone know why this error occurs? Perhaps I missed some configuration tasks, which I don't know so far?
  I'm looking forward to your answers.
  Greetings
  Joerg

  Hi David,
  thank you for your reply. The corresponding user has already got this host setting. Anyway he got the wildcard '%' and with other tools I can connect.
  I solved the problem now due to just trying around with usernames. The error was quite funny: OWB changes the username always into upper case and MySQL cannot handle this username. The username must match 100% to be able to login.
  Now I just changed the user in MySQL and wrote the username in upper case. But in fact I would like to know if it is possible to avoid that OWB changes the username, with quotes it didn't work ;-)
  Greetings
  Joerg
  UPDATE:
  Now I'm facing another problem: the connection works, but I cannot import any metadata. When I click on "Browse" to select the correct schema in MySQL DB, no result is displayed. The user anyway has go the privileges to select data from this schema. I also tried to provide the user with every possible privileges for this schema, but I still cannot select any schema. When I write the schema manually and then try to import database objects iin OWB the error message "definitions of userdefined metadata interface are invalid" is displayed (translated from german, so the wording could be different). Does anybody have an idea what the problem could be?
  Edited by: Scantid on 15.01.2010 00:41

• Error...java.sql.SQLException:Access denied for user

  Hi,
  I am getting the following error message while connecting with the MySQL .(O/S :Sun OS 5.6)
  Error.....java.sql.SQLException: Invalid authorization specification: Access denied for user: 'some_user&password@localhost' (Using password: NO)
  Note that i have given all permission to the user using,
  GRANT ALL PRIVILEGES .......................
  The code i have used to connect with the database is,
  import java.io.*;
  import java.sql.*;
  class test
  public static void main(String a[])
  try
  Connection con;
  Statement stmt;
  ResultSet rs;
  Class.forName("org.gjt.mm.mysql.Driver");
  con=DriverManager.getConnection(jdbc:mysql://localhost/db_name?user=some_user&password=some_pass");
  stmt=con.createStatement();
  //do something with resultset
  catch(Exception e)
  System.out.println("Exception in second try.."+e);
  plese guide me on this problem to solve.
  Thankz,
  Bala.

  Hi friends...
  I've read the last post...
  The problem that I have is as follow....
  1. I have installed on my machine MySQL 5.0 Server running
  1.1 I have a database called "base1"
  1.2 User "root", password "works"
  1.3 I have the following sentence to connect it using JDBC
  Connection con = DriverManager.getConnection("jdbc:mysql://localhost/base1", "root", "works");
  More notes:
  - I use the JDBC 5.0
  - My Machine is a Windows XP SP2 Pentium 3.0 512Mb
  and it connects����
  but I have this environment to develop applications, now that I want to connect to Production Environment happens the following:
  2 The Production database is mounted on a Linux Server with MySQL 3.2.
  2.1 I change the sentences as follow:
  Connection con = DriverManager.getConnection("jdbc:mysql://192.168.0.7/base1", "user", "password");
  2.3 But a message appears when I run the Java Program:
  java.sql.SQLException:Access denied for user: '[email protected]' (Using password: YES)
  2.4 As you can see it changes the IP Address...
  More notes:- I have the MySQL Query Browser and I got connection.
  - The IP that display the Error Message is my Second IP configurated on my Network Properties.
  - Server is a Pentium 4 3.0 GHz 2Gb Linux Red Hat 3.0
  I leave this case for the spider... I hope that somebady has the solution.
  What is the problem? Why the JDBC doesn't respect the IP that I wrote.

• BI Dashboard - access denied for user to path /users/administrator/_portal/

  Hi,
  While I am within OBI EE, I try to access My Dashboards and I get this error message:
  " access denied for user to path /users/administrator/_portal/dashboard layout.
  Error Details
  Error Codes: O9XNZMXB "
  I have looked in other forums and found a solutions which was to delete cookies and then restart the system whole. It didn´t work at first. After a while, the system would allow me to access My Dashboards but then....
  ....I wasn´t able to access the shared filters that are on the network, thus impeding my others dashboards to work.
  Does anybody know what the correct procedure for having this work is?
  Thanks in advance,
  Javier Rincon

  Hi...
  go to Catalog Manager.
  Open and navigate to particular folder (_portal in shared)
  right click that and go to permissions.
  In left pane are you able to see the presentation Administrator ??
  If then, check what kind of permission Administrator has (full control or not), if not.. add Administrator into this pane from right pane (In the right pane, You can see the user by Unchecking the check box present below show groups only check box.)
  you didn't tell with whom you logged in?
  If administrator then follow the steps i mentioned,
  else... same steps but instead of administrator check it for particular user.
  Thanks & Regards
  Kishore Guggilla

• Help , how to auto create user account

  Hi, guys,
  i wanna to know how to auto create user account after use the suppliers' api to create supplier.
  i didn't find out how to auto create user account by use ap_vendor_pub_pkg.create_vendor_contact procedure.
  how to auto create the user account ?
  if you know ,tell me ,pls
  best Regards !
  Edited by: wanjin on 2013-4-15 下午11:50

  Hi Gareth，
  I wanna create an Oracle E-business Suite use account ,but how to use fnd_user_pkg.createuser procedure to relation the AP suppliers , not employee suppliers.
  the result like N:Purchasing Super User -->supplier-->Contact Directory --> create user
  then use "Create User Account for this Contact" to create user account
  Regards,
  Wanjin

• Creating user accounts with OIDDAS and use them from the OS

  Hi,
  I have a customer that is experiencing an error creating user accounts from OIDDAS, and use that user accounts from the operating system.
  My customer is using OID/OAS4OS 10.1.4.2.0, and that version is not longer available to download, then, I will try in my own environment
  with OID/OAS4OS 10.1.4.3.0.
  And the question is the following: is supported to create user accounts with OIDDAS and expect that users can work with OAS4OS and be
  able to authenticate in the operating system?
  For the reference, SR# 7222351.993:
  Thanks,
  Luis Vivero.
  Edited by: LV in ORCL on Dec 11, 2008 6:47 AM

  Hi Jacco,
  I didn't see your post before.
  Nop, unfortulately I don't have a document with that. I just received that answer
  from development (related to the plugin for AD that is not certified, and DAS is
  not intended to work with OAS4OS).
  Anyway, about the plugin to work with AD, this is working for me; at least I tested
  it by configuring the plugin, I configured synchronization, the mapping file, I did
  the bootstrap, and the accounts that were bootstraped now shows the OS attributes
  on DAS.
  Regards,
  Luis Vivero.

• What do you use to create user accounts?

  I have used Passenger to create my school's user accounts in the past. Since upgrading to Mavericks Server 3 I can't import the user accounts from Passenger. Does anyone know of a program that will create user accounts for 10.9?

  I downloaded the Passenger 4.2 beta and was able to export a user list that included passwords that I could import into Workgroup Manager 10.9. The format of the export file has changed for 10.9.
  The old format:
  0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 39 dsAttrTypeStandard:RecordName dsAttrTypeStandard:AuthMethod dsAttrTypeStandard:Password dsAttrTypeStandard:UniqueID dsAttrTypeStandard:PrimaryGroupID  dsAttrTypeStandard:Comment dsAttrTypeStandard:Expire dsAttrTypeStandard:Change dsAttrTypeStandard:RealName dsAttrTypeStandard:NFSHomeDirectory dsAttrTypeStandard:UserShell dsAttrTypeStandard:PrintServiceInfoXML dsAttrTypeStandard:HomeDirectory dsAttrTypeStandard:HomeDirectoryQuota dsAttrTypeStandard:MailAttribute dsAttrTypeStandard:Keywords dsAttrTypeStandard:FirstName dsAttrTypeStandard:LastName dsAttrTypeStandard:JobTitle dsAttrTypeStandard:OrganizationName dsAttrTypeStandard:Department dsAttrTypeStandard:Building dsAttrTypeStandard:PhoneNumber dsAttrTypeStandard:MobileNumber dsAttrTypeStandard:FAXNumber dsAttrTypeStandard:PagerNumber dsAttrTypeStandard:EMailAddress dsAttrTypeStandard:Street dsAttrTypeStandard:City dsAttrTypeStandard:State dsAttrTypeStandard:Country dsAttrTypeStandard:PostalCode dsAttrTypeStandard:Picture dsAttrTypeStandard:SMBHome dsAttrTypeStandard:SMBHomeDrive dsAttrTypeStandard:SMBProfilePath dsAttrTypeStandard:SMBScriptPath dsAttrTypeStandard:WeblogURI dsAttrTypeStandard:IMHandle
  ppiper:dsAuthMethodStandard\:dsAuthClearText:123456:2200:1026::::Peter Piper::::::::Peter:Piper:::::::::::::::::::::
  The new format:
  0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 46 dsAttrTypeStandard:RecordName dsAttrTypeStandard:GeneratedUID dsAttrTypeStandard:AuthMethod dsAttrTypeStandard:Password dsAttrTypeStandard:PasswordPolicyOptions dsAttrTypeStandard:UniqueID dsAttrTypeStandard:PrimaryGroupID dsAttrTypeStandard:Comment dsAttrTypeStandard:Expire dsAttrTypeStandard:Change dsAttrTypeStandard:RealName dsAttrTypeStandard:NFSHomeDirectory dsAttrTypeStandard:HomeDirectoryQuota dsAttrTypeStandard:UserShell dsAttrTypeStandard:PrintServiceUserData dsAttrTypeStandard:HomeDirectory dsAttrTypeStandard:MailAttribute dsAttrTypeStandard:MCXSettings dsAttrTypeStandard:Keywords dsAttrTypeStandard:Picture dsAttrTypeStandard:MCXFlags dsAttrTypeStandard:SMBHome dsAttrTypeStandard:SMBHomeDrive dsAttrTypeStandard:SMBProfilePath dsAttrTypeStandard:SMBScriptPath dsAttrTypeStandard:FirstName dsAttrTypeStandard:LastName dsAttrTypeStandard:Street dsAttrTypeStandard:City dsAttrTypeStandard:State dsAttrTypeStandard:PostalCode dsAttrTypeStandard:Country dsAttrTypeStandard:WeblogURI dsAttrTypeStandard:EMailAddress dsAttrTypeStandard:PhoneNumber dsAttrTypeStandard:MobileNumber dsAttrTypeStandard:FAXNumber dsAttrTypeStandard:PagerNumber dsAttrTypeStandard:IMHandle dsAttrTypeStandard:ServicesLocator dsAttrTypeStandard:URL dsAttrTypeStandard:JobTitle dsAttrTypeStandard:OrganizationName dsAttrTypeStandard:Department dsAttrTypeStandard:Building dsAttrTypeStandard:Company
  ppiper:::123456::2220:1026::::Peter Piper:::::::::::::::Peter:Piper::::::::::::::::::::

• Create user account in Child Domain

  Dear all.
  Kindly, i have Forest contain two domain Root domain, child domain.
  in the child domain i can create a user account using the root domain.
  i want to stop this. i want the IT Department there create users for there domain only?
  thanks
  Ashraf Hilal

  Hi Ashraf,
  Your query is not clear. Do you want to restrict enterprise administrators from creating user accounts in child domain?
  By default, Enterprise Admins group is part of Builtin Administrators group in the child domain.
  When child domain is introduced, by default Enterprise Admins group is added to Child Domain\Administrators group (Builtin local Security group).
  How to Restrict Enterprise Admins From Child Domain
  http://social.technet.microsoft.com/wiki/contents/articles/16919.how-to-restrict-enterprise-admins-from-child-domain.aspx
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/a72dc036-3375-4124-9ef7-d30af104451a/enterprise-administrator-and-child-domain?forum=winserverDS
  Regards,
  Rafic
  If you found this post helpful, please give it a "Helpful" vote.
  If it answered your question, remember to mark it as an "Answer".
  This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!