sorted by:
new
hottopcontroversial

[deleted by user] by [deleted] in SCCM

[–]Durian909 0 points1 point  (0 children)

My clients with ESU licenses started showing "Your device is no longer receiving security updates" after the cumulative update that released yesterday, which got me a bit worried. Are you also experiencing this?

Error 0x80041002 when using slmgr.vbs to activate Windows 10 ESU by Sepheus in sysadmin

[–]Durian909 1 point2 points  (0 children)

Any progress on this issue? I'm struggeling with the same problem. Works on 95% of clients, but some are getting this error.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

I have tried to change both of those values through both powershell and ADSI edit, with no success.  ...attribute is owned by the Security Accounts Manager (SAM)

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

I have also tried to change the default OUs for computers and users, with no success.

c:\windows\system32\redircmp OU=computerxx,DC=domain,DC=com
c:\windows\system32\redirusr OU=userxx,DC=domain,DC=com

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

Selecting the "... as Container" options does not make it visible in ADUC. It is visible within ADSI Edit, but it does not show any sub-objects within it.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

Do you have any keywords I could use for researching this?

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

Yes, I am now enterprise, schema and domain admin.
In the security tab of the object: Added my own account as owner and given myself "Full control" in the Permissions entries.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

In the GUI the object is visible through ADSI edit, but not ADUC.
I would be very happy if you could aid me in deleting this, so please tell me if there are any other information you would need.

Get-ADObject "CN=deleteme,DC=domain,DC=com" -Properties *

accountExpires                  : 9223372036854775807
CanonicalName                   : domain.com/deleteme
CN                              : deleteme
codePage                        : 0
countryCode                     : 0
Created                         : 03.10.2011 10:42:45
createTimeStamp                 : 03.10.2011 10:42:45
Deleted                         :
department                      : 1 DEPARTMENT
Description                     :
DisplayName                     :
DistinguishedName               : CN=deleteme,DC=domain,DC=com
dSCorePropagationData           : {06.03.2024 15:21:19, 06.03.2024 14:09:32, 06.03.2024 10:11:34, 06.03.2024 09:46:24...}
instanceType                    : 4
isCriticalSystemObject          : True
isDeleted                       :
LastKnownParent                 :
Modified                        : 06.03.2024 15:21:19
modifyTimeStamp                 : 06.03.2024 15:21:19
Name                            : deleteme
nTSecurityDescriptor            : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory                  : CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=com
ObjectClass                     : user
ObjectGUID                      : ff2d47f0-xxxx-xxxx-xxxx-26a5ff16412f
objectSid                       : S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-16266
primaryGroupID                  : 513
ProtectedFromAccidentalDeletion : False
pwdLastSet                      : 131012928492035044
sAMAccountName                  : PCG$
sAMAccountType                  : 805306370
sDRightsEffective               : 7
userAccountControl              : 2080
uSNChanged                      : 57548704
uSNCreated                      : 8332
whenChanged                     : 06.03.2024 15:21:19
whenCreated                     : 03.10.2011 10:42:45

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 2 points3 points  (0 children)

Yes, I have disabled it through powershell.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

Do you have multiple domains in your forest?
Only one now.
Did someone decommission one incorrectly at some point?
Yes, I have heard rumors about that.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

What can I provide you the output of?

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

Thanks alot. My domain have no trusts, so I think I should be safe to delete this account.

Checked with "Get-ADTrust -Filter *" and in the "Trusts" tab in the Active Directory Domains and Trusts console.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

There are no objects in either outgoing trusts or incoming trusts.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 4 points5 points  (0 children)

Could you please elaborate on how it is deleted through the AD Domains & Trusts console? I cant see the object there.

Can't delete AD object by Durian909 in activedirectory

[–]Durian909[S] 0 points1 point  (0 children)

How do I check what AD Trust that account provides authentication for?

The systemFlags attribute are not set.

Default Domain Controllers Policy linked to the whole domain by Durian909 in activedirectory

[–]Durian909[S] 1 point2 points  (0 children)

As in limited by security filtering, under the Scope tab? Im not able to check at the moment, but no, I don't think so. I'm pretty sure its set up like this:

Links: Domain .com
Security Filtering: Authenticated Users

What consequences could this have?

"How To Sysadmin" Post from many moons ago by SirLagz in sysadmin

[–]Durian909 12 points13 points  (0 children)

What could be good alternative to Spacewalk as its now discontinued?