
fully disable adminsdholder functionality


  • fully disable adminsdholder functionality

    Ok, first, I know that this is NOT a recommended practice, and that this safeguard was put in for a reason. However, I have some specific reasons why I want to do this. Here is what I am aiming to do:

    1. The ability to prevent the adminsdholder ACL from applying to domain admins, or at least prevent it from being applied to a subgroup/user within domain admins. I know that supposedly domain admins is one of the groups you cannot exclude using the dSHeuristics method. I need to know how to do this another way.

    2. Totally disable the adminsdholder/sdprop process altogether.

    I know that you can modify the ACL template that gets applied to protected groups. That is not what I want. I want the ability to customize AD the way I see fit.

  • #2
    Re: fully disable adminsdholder functionality


    Check Method 3 from this article. Although it says that it's for 2000, you can give it a try; if you have a lab env, that would be better. Basically, changing the security ACL of adminsdholder.
    Thanks & Regards

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect

    Show your appreciation for my help by giving reputation points
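
For auditing the dSHeuristics method mentioned in the first post, the following is an added example (not part of the original thread) that decodes which groups a given dSHeuristics value excludes from AdminSDHolder protection. The mask has bits only for the four operator groups, so Domain Admins cannot appear in it. The function name and the sample strings are constructed for illustration.

```powershell
# Added example: decode the AdminSDHolder exclusion mask held in dSHeuristics.
# Character 16 of the string is one hex digit; each bit excludes one operator group.
# There is no bit for Domain Admins, Enterprise Admins or other protected groups.
$ExcludableGroups = @(
    @{ Bit = 0x1; Name = 'Account Operators' },
    @{ Bit = 0x2; Name = 'Server Operators' },
    @{ Bit = 0x4; Name = 'Print Operators' },
    @{ Bit = 0x8; Name = 'Backup Operators' }
)

# Hypothetical helper name; returns the group names excluded by the given value.
function Get-AdminSDHolderExclusion {
    param([string]$DsHeuristics)

    # Unset, or shorter than 16 characters: the mask is 0 and nothing is excluded.
    if ([string]::IsNullOrEmpty($DsHeuristics) -or $DsHeuristics.Length -lt 16) {
        return @()
    }
    $digit = $DsHeuristics.Substring(15, 1)
    if ($digit -notmatch '^[0-9a-fA-F]$') {
        throw "Character 16 of dSHeuristics is '$digit', not a hex digit"
    }
    $mask = [Convert]::ToInt32($digit, 16)
    $ExcludableGroups | Where-Object { $mask -band $_.Bit } | ForEach-Object { $_.Name }
}

# On a host with the ActiveDirectory module, the live value would be read with:
#   $cfg = (Get-ADRootDSE).configurationNamingContext
#   (Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" `
#       -Properties dSHeuristics).dSHeuristics

# Constructed sample values: too short to carry a mask, mask 3, mask f.
foreach ($sample in '0000002', '0000000001000003', '000000000100000f') {
    $excluded = @(Get-AdminSDHolderExclusion $sample)
    $shown = if ($excluded.Count) { $excluded -join ', ' } else { '(none)' }
    '{0,-18} excluded from SDProp: {1}' -f $sample, $shown
}
```

A non-empty result on a production forest means those operator groups and their members no longer receive the AdminSDHolder ACL, which is worth confirming as an intentional change.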