Schema attribute permissions recovery
Hi guys, I'd really appreciate if you could help me with problem described below.
The "Full Access Deny" permissions to "Authenticated Users" have been mistakenly applied to one of the schema attribute in the forest. The attribute is the extinsionsAttribute6 from exchange add-on.
Apparently nobody can access this attribute any longer to restore the permissions or just to delete and recreate the attribute. Also, this is causing the "Users and Computers" snap-in to fail when showing the Exchange advanced -Custom Attribute tab. The tab appears completely blank and some error message pops up as well. Is it possible to recover the attribute permission or delete the it from the schema.
I'm aware of that authoritative restore can not be applied to the schema so I don't think I can use a backup.
Please advise.
Software/Hardware used:
Software/Hardware used:
ASKED:
November 13, 2004 5:17 PM
UPDATED:
November 13, 2004 6:00 PM
RELATED QUESTIONS
- Active Directory LDAP, Set Custom Security Persmissions on 3 Attributes, not the whole class
- How to share Outlook Calendar using Active Directory
- encryption and decryption WIN XP PRO SP2 PRE-INSTALL FROM DELL
- Mystery Rule in Outlook
- Grant "Read Only" access on a shared mailbox with Exchange Management Shell
Answer Wiki:
Step1 (Using Adsiedit to change the permission on the address list)
==================================================
1. Install Windows 2000 Support Tools (Located in SupportTools directory on Windows 2000 CD)
246926 Folder Listing of the Support Tools Included in Windows 2000 http://support.microsoft.com/?id=246926
2. Open ADSIEdit: On the Start menu, point to Programs, point to Windows 2000 Support Tools, Tools, and click ADSI Edit.
Note: If you cannot locate ADSIEdit or the Windows 2000 Support Tools, you can install them from the Windows 2000 Server or Advanced Server CD by running Setup from the SupportTools directory.
3. Expand the Configuration Container, expand
CN=Configuration,DC=domainname,DC=com, expand CN=Services, expand CN=Microsoft Exchange, expand CN=YourOrgName,expand CN=Address Lists Container.
4. Right Click Address list, Container, then click Security.
5. Uncheck deny permission on everyone group if it is checked.
6. Right Click CN=All Address Lists, then click Security.
7. Uncheck deny permission on everyone group.
In the Permission Entries: list, and select the following:
Type Name Permission
Apply to
Allow Authenticated Users Read This object and sub containers
Allow Authenticated users
Open address List This object and sub containers
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
