Remove AD User object that is inheriting permissions

35 pts.
Tags:
Active Directory
AD
User Permissions
I have an old user account that belongs to several distribution groups. The user WAS a member of the Domain Administrators group, but has been removed from that group, and now only belongs to Domain Users group. When I attempt to move this user from a dist list, I get "You cannot remove this object, it's inheriting permissions from it's parent..." or similar. How can I find out what object the account is inheriting permissions from, so I can remove them and it? Thanks in advance. Newb :(

Answer Wiki

Thanks. We'll let you know when a new response is added.

I believe that this would be the OU that the user account is in.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Jrlokken
    Well, I don't think so. The user account lives in the Users OU, and I can find nowhere that the Users container passes on permissions to its children. Anyone else? Thanks again.
    35 pointsBadges:
    report
  • Wrobinson
    The schema in AD defines object classes and attributes, including what objects can be a parent or child of other objects. You seem pretty confident that permissions cannot be applied to the Users container in AD but I can assure you that they can. You simply may not see them because your view is set incorrectly to do so. I would check again, this time ensuring that ADUC is set to Advanced Features. You should be able to delete an object in AD by default, as long as you are a member of the Account Operators, Domain Admins groups or higher. See the following TechNet article, Delete a User Account for details. The fact that you can't is somewhat telling. Unless of course, you do not have the requisite permissions.
    5,625 pointsBadges:
    report
  • Jrlokken
    I'm not pretty confident: "...I can find nowhere..." I simply cannot see anywhere, when right-clicking the Users container, that one could assign or remove inheritance. If I'm missing it, please detail the solution for me ? I am a member of the Domain Administrators group. Somewhat telling? Can you please elaborate on what it means to you that I, being a Domain Admin, cannot remove a prior Domain Admin's account? Incidentally, I'm also a member of the Enterprise Admin group. Ok, I read the very short, uninformative TechNet article. I do appreciate the link, but I don't just jump on a forum if I can't figure something out. I've tried several things, and done comprehensive reading BEFORE posting here. I've obviously tried "right-clicking the user object and selecting Delete". That doesn't work. I've provided the error I get when I attempt to do this. Did you see that part of my original post? The user object is ONLY a member of the Users container, then belongs to several Exchange Distribution Lists. The user object is inheriting permissions "from its parent". What I need to know is (from my original post again)... "...what object the account is inheriting permissions from, so I can remove them and it?" Can you provide an answer to that direct question? How do I find out specifically where the permissions are being inherited from? Thanks for your reply, but as you can see, the things I "should" be able to do aren't working, and that's why I'm requesting assistance. In case anyone missed the original question: "
    35 pointsBadges:
    report
  • Jrlokken
    Are there any AD EXPERTS out there that can offer assistance? Thanks.
    35 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following