MCSE.NET Certification Forum  

Go Back   MCSE.NET Certification Forum > Microsoft Certification
Protect Objects in Windows Server 2003 Active Directory from Accidental Deletion Protect Objects in Windows Server 2003 Active Directory from Accidental Deletion
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Download Real Exam Questions for VMware VCP-410, VCP VCP 4, CCNA 640 802, Cisco 640-802 Dumps. It has never been this easy to pass your certification exam at first attempt before, now with the help of real exams website you can pass any of your exam with 100% guaranteed or they will provide you full refund for the money you have spent. The more you learn the more you will earn and the easier you life will be later on in the future.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-30-2009, 06:09 AM
Junior Member
  
Join Date: Jun 2009
Posts: 11
Default Protect Objects in Windows Server 2003 Active Directory from Accidental Deletion
Using Active Directory Users and Computers
To protect an OU from accidental bulk deletion follow these steps:

1. Log on to the computer as a member of the Domain Admins group.

2. Open Active Directory Users and Computers from the Start Menu -> Administrative Tools folder, or by typing DSA.MSC in the Run command.

3. First, apply permissions on the OU that you want to protect. To do this, right-click the OU that you want to protect, and then click Properties.

4. In OU Properties, click the Security tab, and then click Advanced.

Note: The Security tab is not displayed by default. To see it you need to close the property sheet, and in the ADUC View menu, select Advanced Features.


5. On Advanced Security Settings, click Add, type Everyone, and then click OK.


6. In Permission Entry, in Permissions, select the Deny check boxes for Delete and Delete subtree. Select the check box for Apply these permissions to objects and/or containers within this container only.


7. Click OK to close Permission Entry.


8. On Advanced Security Settings, click Apply.

9. Review the Windows Security warning, and then click Yes to continue.


10. Click OK to close the Advanced Security Settings, and then click OK to close OU Properties.

11. Next, apply permissions to the parent container of the OU that you want to protect. To do this, right-click the parent container, and then click Properties.


12. Container Properties, click the Security tab.

13. Click Add, type Everyone, and then click OK.

14. In Permissions for Everyone, select the Deny check box for Delete All Child Objects, and then click Apply.


15. Review the Windows Security warning, and then click Yes to continue.

16. Click OK to close Container Properties.
Now, try to delete the OU. You'll get an Access Denied prompt.

Warning: Try the deletion action at your own risk, don't come crying to me if you accidentally deleted your entire company's users. This tip works, it worked for me, it works for everyone, but I cannot guarantee that you followed my instructions precisely.
Another warning: If you do try to see if it works for you or not, do it on a test OU that you've created for this purpose first. Also, make sure you have a good backup of your Active Directory.
To remove the protection, remove the Deny ACEs that you added for the Everyone group.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 08:00 AM.

Contact Us - MCSE.NET Certification Discussion Forum - Archive - Top

Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.0