question

SudipSingha-4346 avatar image
0 Votes"
SudipSingha-4346 asked VickyWang-MFST answered

Account operators user not able to modify certain users who were part of Account operators group

There were certain users who were part of Account operators group, and now have been removed.
admincount attribute vale has been set to 0 or <notset>

Now users of Accounts operators group are not able to make changes to the users who were previously in the Account operators group

Kindly help

windows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Assign permissions to security groups for resources.

Permissions are different than user rights. Permissions are assigned to the security group for the shared resource. Permissions determine who can access the resource and the level of access, such as Full Control. Some permissions that are set on domain objects are automatically assigned to allow various levels of access to default security groups, such as the Account Operators group or the Domain Admins group.

Security groups are listed in DACLs that define permissions on resources and objects. When assigning permissions for resources (file shares, printers, and so on), administrators should assign those permissions to a security group rather than to individual users. The permissions are assigned once to the group, instead of several times to each individual user. Each account that is added to a group receives the rights that are assigned to that group in Active Directory, and the user receives the permissions that are defined for that group.

Some details here on groups.
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups#active-directory-default-security-groups-by-operating-system-version

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.