LDAP returned the error [32] Insufficient Rights when importing the transaction.
The service could not update the entry 'CN=User Name,OU=Special,,DC=local' because inheritable permissions are not propagated to this object. The inheritable permissions may be disabled because the object belongs to a Windows 2000 administrative group or the inheritable permissions were disable explicitly by an administrator. DC=footasylumltd,DC=local
Fixed by opening the user named in the event, clicking the 'Security' tab, clicking 'Advanced' and enabling 'Include inheritable permissions from this object's parent'.
You can easily find out which users do not have this option enabled by installing the AD Cmdlets tools and running this command:
Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}
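
The same check using the ActiveDirectory module from RSAT instead of the third-party cmdlets, as an added example that is not part of the original post. It also reads adminCount to separate the two causes the event text names; the function name and the LikelyCause labels are assumptions made for this example.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-InheritanceDisabledUser {
    param(
        # Optional: limit the search to one OU by its distinguished name.
        [string]$SearchBase
    )

    $params = @{
        Filter     = '*'
        Properties = 'nTSecurityDescriptor', 'adminCount'
    }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    Get-ADUser @params |
        # True when "Include inheritable permissions" is switched off on the object.
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        ForEach-Object {
            # adminCount = 1 marks accounts stamped by the AdminSDHolder process
            # (current or former members of protected administrative groups).
            $cause = if ($_.adminCount -eq 1) {
                'AdminSDHolder (protected group)'
            } else {
                'Disabled explicitly'
            }

            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                DistinguishedName = $_.DistinguishedName
                AdminCount        = $_.adminCount
                LikelyCause       = $cause
            }
        }
}

# Report only; nothing is changed in the directory.
Get-InheritanceDisabledUser |
    Sort-Object LikelyCause, SamAccountName |
    Format-Table -AutoSize
```

For accounts that are still members of a protected group, the AdminSDHolder process switches inheritance off again after the checkbox is re-enabled, so the fix above only holds for the 'Disabled explicitly' rows and for accounts that have since left those groups.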