Ask a new question

DSACLS applied to a group is not delegating the right

Im trying to grant "Resultant Set of Policy (Logging) to an Active Directory group using dsacls;

dsacls.exe "ou=Disabled Computers,dc=domain,dc=local" /I:T /G "DOMAIN\RBAC-Workstations-Admin":CA;"Generate Resultant Set of Policy (Logging)"

but the menu option in ADUC stays grey out for group members. Using the exact same command for a user eg.

dsacls.exe "ou=Disabled Computers,dc=domain,dc=local" /I:T /G "DOMAIN\unprivileged.user":CA;"Generate Resultant Set of Policy (Logging)"

works fine. There has been no issue using the RBAC group name with other permissions applied by DSACLs just this one. If the group is delegated the right via the GUI wizard it works fine.

Checking the Advanced permissions shows that the same right is assinged using dsacls and the GUI wizard.

What is happening ?????

|
Answer
Answer

Hi C............,

 

Thank you for posting in the Microsoft Community Forums.

 

 

Potential Causes:

  1. Permission Propagation Delay: Sometimes, permission changes take time to propagate across the domain. If you have just applied the permission changes, it might take a few minutes to several hours to take effect.

  2. Group Membership Caching: Active Directory may cache group membership information. Group members might need to log out and back in to obtain the new permissions, or refresh their group membership cache.

  3. Scope of Permission Application: Ensure that the /I:T parameter in the dsacls command correctly applies inheritance. If inheritance is missing or incorrectly specified, permissions might not propagate correctly to objects.

  4. ADUC Tool Display Issue: Sometimes, the ADUC tool may not immediately reflect permission changes. Try closing and reopening the ADUC tool or viewing it on another machine.

 

 

Best regards

Neuvi Jiang

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated June 7, 2024 Views 34 Applies to: