Schema attribute permissions recovery

pts.
Tags:
Active Directory
Hi guys, I'd really appreciate if you could help me with problem described below. The "Full Access Deny" permissions to "Authenticated Users" have been mistakenly applied to one of the schema attribute in the forest. The attribute is the extinsionsAttribute6 from exchange add-on. Apparently nobody can access this attribute any longer to restore the permissions or just to delete and recreate the attribute. Also, this is causing the "Users and Computers" snap-in to fail when showing the Exchange advanced -Custom Attribute tab. The tab appears completely blank and some error message pops up as well. Is it possible to recover the attribute permission or delete the it from the schema. I'm aware of that authoritative restore can not be applied to the schema so I don't think I can use a backup. Please advise.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Step1 (Using Adsiedit to change the permission on the address list)
==================================================
1. Install Windows 2000 Support Tools (Located in SupportTools directory on Windows 2000 CD)
246926 Folder Listing of the Support Tools Included in Windows 2000 http://support.microsoft.com/?id=246926

2. Open ADSIEdit: On the Start menu, point to Programs, point to Windows 2000 Support Tools, Tools, and click ADSI Edit.

Note: If you cannot locate ADSIEdit or the Windows 2000 Support Tools, you can install them from the Windows 2000 Server or Advanced Server CD by running Setup from the SupportTools directory.

3. Expand the Configuration Container, expand
CN=Configuration,DC=domainname,DC=com, expand CN=Services, expand CN=Microsoft Exchange, expand CN=YourOrgName,expand CN=Address Lists Container.

4. Right Click Address list, Container, then click Security.

5. Uncheck deny permission on everyone group if it is checked.

6. Right Click CN=All Address Lists, then click Security.

7. Uncheck deny permission on everyone group.
In the Permission Entries: list, and select the following:
Type Name Permission
Apply to
Allow Authenticated Users Read This object and sub containers
Allow Authenticated users
Open address List This object and sub containers

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following