Recipe 14.13 Resetting an Object's ACL to the Default Defined in the Schema

14.13.1 Problem

You want to reset an object's ACL to the one defined in the schema for the object's object class.

14.13.2 Solution

14.13.2.1 Using a graphical user interface

This is available only in the Windows Server 2003 version of the ACL Editor.

  1. Open the ACL Editor. You can do this by viewing the properties of an object (right-click on the object and select Properties) with a tool, such as Active Directory Users and Computers (ADUC) or ADSI Edit. Select the Security tab. To see the Security tab with ADUC, you must select View Advanced Features from the menu.

  2. Click the Advanced button.

  3. Click the Default button.

  4. Click OK twice.

14.13.2.2 Using a command-line interface
> dsacls <ObjectDN> /s

14.13.3 Discussion

For more on the default security descriptor, see Recipe 14.11.



    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List