Trying to change the ACL of a domain user
I am using the Set-Acl cmdlet to add a user to another user's domain account so that the second user will be able to read the permissions available to the first user. I get an error on the very last line "this security id may not be assigned as
the owner of this object". I suspect that perhaps the error is caused because I am not permitted to change the owner of the account and the code is trying to do a wholesale rewrite of the ACL. I am allowed to add the entry to the account through
the UI and that is all I want to do via powershell. Any ideas?
$name1 = "someuser" #this is the user whose acl I want to edit
$name2 = "someotheruser" #this is the user that I want to add to the first user's acl
$objUser = Get-ADUser -LDAPFilter "(sAMAccountName=$Name1)"
$objDelegate = New-Object System.Security.Principal.NTAccount("$name2")
Set-Location AD:
$dn = $objUser.DistinguishedName
$Acl = (Get-Acl $dn)
$Ar = New-Object system.DirectoryServices.ActiveDirectoryAccessRule ($objDelegate,"GenericRead","Allow",$objUser.ObjectGUID)
$Acl.AddAccessRule($Ar)
Set-Acl -Path $dn -AclObject $Acl
Hi Jay,
To change the AD user permission with powershell, the script below is for your reference:
Import-Module ActiveDirectory
# Figure out our domain
$root = (Get-ADRootDSE).defaultNamingContext
# Get or create the System Management container
$ou = $null
try
$ou = Get-ADObject "CN=System Management,CN=System,$root"
catch
Write-Verbose "System Management container does not currently exist."
if ($ou -eq $null)
$ou = New-ADObject -Type Container -name "System Management" -Path "CN=System,$root" -Passthru
# Get the current ACL for the OU
$acl = get-acl "ad:CN=System Management,CN=System,$root"
# Get the computer's SID
$computer = get-adcomputer $env:ComputerName
$sid = [System.Security.Principal.SecurityIdentifier] $computer.SID
# Create a new access control entry to allow access to the OU
$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $sid, "GenericAll", "Allow", "All"
# Add the ACE to the ACL, then set the ACL to save the changes
$acl.AddAccessRule($ace)
Set-acl -aclobject $acl "ad:CN=System Management,CN=System,$root"
I think you need to add the line to get user2's SID "$sid".
Refer to:
http://blogs.technet.com/b/mniehaus/archive/2012/01/05/creating-the-configmgr-system-management-container-with-powershell.aspx
If there is anything else regarding this matter, please feel free to let me know.
Best Regards,
Anna Wang
Similar Messages
-
How to change the groupType attribute of a user group object?
I'm trying to change the "groupType" attribute, of a user group object, from 'Distribution' to 'Security' (and the group scope is set to 'Global').
The CAD bit mask value needed would be: 0x80000002 (Decimal -2147483646).
How to change/modify the "groupType" attribute for this user group object?
Thanks,
UDAttribute attr= new BasicAttribute("groupType", "-2147483646");
items[0]=new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
ctx.modifyAttributes(dn, items);
--does not work.
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002141: SvcErr: DSID-031A0B56, problem 5003 (WILL_NOT_PERFORM)
Is it possible to modify it?
Thanks,
UD. -
How to change the full host and domain name on OS X Leopard...
I recently bought an iMac, and I'm trying to configure it for my network. The question I have is, how can I change the host name and domain name from Skuld.local to skuld.tolharadys.net?
After mucking around with a few searches on Google, I've gotten the domain name to stick since running domainname returns tolharadys.net. Also I can change the hostname as reported by 'hostname' temporarily by running 'hostname skuld.tolharadys.net' in Terminal.app. However, this isn't persistent after reboots. Ideas are welcome.You would need a DNS server on your network configured to answer authoritatively for that particular subdomain.
-
I am trying to change the liferay home directory
I followed the installation document for our version of Studio (version 3.0) which says to edit the portal-ext.properties file in the WEB_INF/classes directory of the endeca-portal.3.0.x.war. This doesn't seem to work though. If I add the liferay.home={path} in my standard portal-ext.properties file from the current liferay.home and then cut-n-paste the entire into the endeca-portal.3.0.x.war file, it will start writing the files into the new home directory but I really don't want to have all that stuff in there if I don't have to. Has anyone else tried to change the liferay.home path?
Thanks,
SandyFor Studio installed using Weblogic, you need to copy porta-ext.properties to:
$WEBLOGIC_HOME/user_projects/domains/endeca_studio_domain/eid/studio/
Remember that you need to restart Studio Weblogic domain after any change on the properties file. -
I did step 2 in the "iDVD: Setting Encoding preferences" but my computer isn't giving me the pop-up in step 3 so i can't push an OK button in regards to the message. I waited 15+ hours for it to burn and it sent me to this page. I have tried to change the encoding settings again, and it adjusts the capacity but no message pop-up appears.
You can undo your permission changes. Probably the most relevant one is cookies. Try one or both of these methods:
(1) Page Info > Permissions tab
While viewing a page on the site:
* right-click and choose View Page Info > Permissions
* Alt+t (open the classic Tools menu) > Page Info > Permissions
(2) about:permissions
In a new tab, type or paste '''about:permissions''' and press Enter. Allow a few moments for the list on the left to populate, as this information needs to be extracted from a database.
Then type or paste ''rcn''' in the search box above the list to filter it to the most relevant domains. When you highlight a domain, you can adjust its permissions in the right pane.
Any luck? -
Trying to change the Tab size of SQL Server 2008 R2 ?
Been trying to change the size of the tab but it just doesnt change!
Went to Tools-Options-Text Editor-Transact-SQL
From 2 to 1.
Any ideas?Hi Shavendra,
The Options dialog box lets you change the default behavior of the Database Engine Query Editor while you are programming Transact-SQL scripts. To display these settings, click Options on the Tools menu, expand the Text Editor folder, expand the Transact-SQL
subfolder and then click Tabs.
Tab size: Sets the distance in spaces between tab stops. The default is four spaces.
Reference: http://msdn.microsoft.com/en-us/library/bb895215.aspx.
Thanks,
Maggie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. This can be beneficial to other community members reading the thread. -
I am trying to change the email address associated with my existing account to free up my university email address for use in obtaining Creative Cloud. Every time I go to the account settings of my existing account (which currently uses my university email, as I set it up years ago and had no idea it'd eventually cause problems), I enter a different email to use for that account but I continuously receive an error message saying "account changes cannot be saved." It makes me think that it's because the email isn't verified (funny, it actually is verified since it has been the alternate email on the old account for years), but when I click the "send verification email" nothing happens (that is, no email is sent to that other email address).
Anyway, my university is now requiring that faculty create new accounts using our university email addresses in order to register/use Creative Cloud. Am I able to delete my old account, or can anyone help me actually change the email address associated with my old account without getting a "changes can't be saved" error?This is an open forum, not Adobe support... you need Adobe support to help
Adobe contact information - http://helpx.adobe.com/contact.html
-Select your product and what you need help with
-Click on the blue box "Still need help? Contact us"
or
Make sure that EVERY DETAIL is the same in every place you enter your information
-right down to how you spell and punctuate the parts of your name and address
Change/Verify Account https://forums.adobe.com/thread/1465499 may help
-Credit card https://helpx.adobe.com/utilities/credit-card.html
-email address https://forums.adobe.com/thread/1446019
-http://helpx.adobe.com/x-productkb/global/didn-t-receive-expected-email.html -
Hi,
I'm trying to change email address on my Apple ID since the email registered for the account has been hacked and I can't access it anymore. The email I want to change to is connected to another Apple ID I created about 4 years ago, though I successfully changed the email on that account as well. So the email I would like to use for my main Apple ID shouldn't be "locked" anymore.
Though, when trying to change the email on my Apple ID I get an error message (in Swedish, so this is a direct translate from google): "This e-mail address is your email address for notification. It can not be used as the Apple ID or primary email. Choose a different address."
I'm not really sure what this means or how I can fix this. The email address is connected to my Ipad and Iphone for the email app, can that have anything to do with it?
If it makes any difference, I updated both my Ipad3 and Iphone4 to ios 7 today. I'm trying to change from my Macbook air though.
Please advise, would really appreciate a reply ASAP.caek1 wrote:
Hi,
I'm trying to change email address on my Apple ID since the email registered for the account has been hacked and I can't access it anymore. The email I want to change to is connected to another Apple ID I created about 4 years ago, though I successfully changed the email on that account as well. So the email I would like to use for my main Apple ID shouldn't be "locked" anymore.
Though, when trying to change the email on my Apple ID I get an error message (in Swedish, so this is a direct translate from google): "This e-mail address is your email address for notification. It can not be used as the Apple ID or primary email. Choose a different address."
I'm not really sure what this means or how I can fix this.
It means exactly what it says... The email Address is in Use. You cannot re-use it.
Apple ID Support > http://www.apple.com/support/appleid/ -
I tried to change the file type of the movie, but now I am unable to open/edit it in iMovie, HELP !
I tried to change the file type of the movie, but now I am unable to open/edit it in iMovie, HELP !
Thank you very much! This is exactly what I was looking for.
I appreciate your time and effort in solving my question : ) -
I have an iphone 4 and an ipod touch on the same apple ID. My daughter who uses the ipod tried to change the apple ID on the ipod to be the same with her apple ID on her own Iphone so that she can use facetime on both devices. Not sure what she did but my 3G connection is no longer working.
Changing Facetime settings on an iPod will have no affect on cellular settings on an iPhone. Something else is going on there. If she did not change any settings on the phone, then nothing she did could affect your celluar 3G.
-
I am trying to change the background color of a pdf document
I am trying to change the background color of a pdf document, but am not able. I am working with Adobe X. Can anybody help me?
Hi ZAXSCD,
You can change the background color of a PDF document by following the steps mentioned below:
- Open PDF document in Adobe Acrobat X;
- Click on Tools --> Pages --> Under 'Edit Page Design' select Background and then 'Add Background';
- In Add Background window, under Source --> From color, select the color of your choice and click OK'.
You can also refer to the screenshots mentioned below: -
Error while trying to change the user password on OSX Lion
Hello,
I am trying to change the user password ( no admin user ) using the webinterface. I enabled the functionality in webservices on the server.
I can loginto the three line password changing form. After I enter the old and two times the new password, I get the information
"Your request could not be completed. The password server may be unavailable."
How can I fix this problem? I also tried https://discussions.apple.com/thread/2485167?start=0&tstart=0.
Thanks in advance for help.I currently have this error on my 10.6.8 ML server when trying to change password.
In my situation, the message definitely comes from the password policies. As soon as I use a new password that respects minimum complexity (e.g. 8 characters min, 1 lowercase letter, 1 uppercase letter, 1 number), the password changes flawlessly.
It would be nice to change this horrible message to something more meaningful... If someone has any ideas on how to do this, thanks for sharing! -
I am trying to change the country/ region on my store account. When I press the 'change country/region' section in 'my account' it does nothing.... I have moved country, so I cannot enter valid details of payment and so the store is refusing all app requests.
Has anyone a way around this please?Before you can change countries in iTunes, you will need to have a valid payment information addressed in Ireland. When you have one, you can go ahead and change the country on your account.
- sign in to iTunes
- go to Account Information page
- enter your Apple Id and password
- click on Change country or Region
- enter your new information then save
If you will have a hard time, I suggest contacting email support.
https://expresslane.apple.com/GetproductgroupList.action -
I ordered Illustrator via creative cloud for another user. I received an invitation that was accepted and tried to change the account to the name and email of the person it was ordered for. How can I get this changed and the invitation sent to the right person?
Cloud as a Gift https://forums.adobe.com/thread/1665610
-
Trying to change the country from my apple account!!!and doesn't allow me to!
Hello, i'm trying to change the country of my apple account to get in to the istore online from my country and the system doesn't allow me to. It says that i have to buy something for $0.43 that i have on my account but i've never buy or anything b4.help!
I don0t know how but when i entered the first time to Apple ID, i've already had an account... and i've never created one!
Just was created with my same hotmail account and i am using it since then..... (4 or 3 years ago).
This account is from US.
But each time that i try to change to a peruvian account to enter itunes.... and maybe get a purchaise... it says that i am not allowed!!!
And i want to cancel the money i have in the "ghost account" that i've never purchaise... and set a new one with $0.00 !!! to start to used it....!!!!
Please give me a solution right away!
Best regards.
Rosa ElenaClick here and ask the iTunes Store staff to zero your account balance.
(99669)
Maybe you are looking for
-
Can some one help me ..my boys got onto a computer that wasn't ours now it's telling me to re enter my credit card..well I don't have that any more and it wants the security code of it...my son just added a 25 iTunes card..please help..
-
I recently broke my hard drive with a magnet(on accident mind you i'm not a retard) but i put the install cd into the drive and it wouldn't recognize the hard drive that is there. I plan to put in a new hard drive myself but I want to take out the CD
-
My timeline table disappears when i scroll down to the bottom
Hi, i have put my images on after effects and everything was going well like normal, until i uploaded my final 12-20 images (im using after effects for my final 3 minute animation for uni), when i tried to scroll down to rezize these images and to ma
-
Why are PDFs blurry on my ipad 2. I am using PDF expert.
Why are PDFs blurry on my ipad 2. I am using PDF expert.
-
Can any one tell me what is SAP BASIS 620 Support Package level requirement for eCATT & Mercury QTP integration. Currently we are running eCATT on R/3 4.7 with SAP BASIS Support Package SAPKB62003. But when we are trying to integrate QTP 6.5 with eCA