0 votes

Hello,

you wrote "To remedy the issue, try granting the account appropriate permissions to delete users as subtree in Active Directory."

How can I add the permission within Adaxes to the user object?

Administrators -> add "delete subtree" or Adaxes Service Account -> add "delete subtree"

I don't want to grant the Adaxes service account permissions on all accounts affected by AdminSDHolder by updating the ACL on the AdminSDHolder object in AD. Only the to be deleted user object should be affected.

regards Helmut

related to an answer for: Delete User issue
by (510 points)

1 Answer

0 votes
by (294k points)

Hello Helmut,

To perform operations in a managed domain, Adaxes uses the credentials specified for the domain. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.ChangeManagedDomainLogonInfo.html. It is not necessarily the Adaxes service account whose credentials were specified during Adaxes installation. The domain account should have all the necessary native Active Directory permissions to perform the operations you want to work in Adaxes for objects in the domain. As such, it is recommended to add the permission to delete subtree to the account over all the objects managed by Adaxes that should be available for deletion. Unfortunately, there is no possibility to manage native AD permissions for a domain in Adaxes, however, you can do it for objects in domains via the Edit Native Security option. image.png

Related questions

0 votes
1 answer

Hi there, I've created a Delete User feature in the Web Interface Configurator. I am trying to restrict object selection via a User Criteria. Need to exclude Service ... won't appear when selecting target user for the 'Delete User' feature. Thanks, David

asked Sep 19 by dshortall (80 points)
0 votes
1 answer

Hello, I would like to ensure that before a computer object is moved in Adaxes, the user must enter a ticket number, and after the input, the PC is moved to ... prompts the user to enter a ticket number before the move/delete operation? Kind regards, Fabian

asked Mar 20 by fabian.p (380 points)
0 votes
0 answers

Good Afternoon, I'm looking for some clarification on what security settings I would need to apply to the Self-Service Users to allow them to update both their own ... accounts they have full access to. Please let me know if this requires more clarification.

asked Jul 22, 2021 by jtop (700 points)
0 votes
1 answer

is it possible to allow a user to enroll for both options, or even only one option out of the two available? I would like to give my users the choice to use either. Some users may not want an authenticator, but other's might do.

asked Nov 6, 2019 by mashworth (80 points)
0 votes
1 answer

We are developing a process to mange mailboxes for terminated users. At the time of termination we would like to: convert the mailbox to a shared mailbox. Send an approval ... would run script to grant the manger access to the mailbox. Can this be done?

asked Oct 27, 2023 by mightycabal (1.0k points)
3,589 questions
3,278 answers
8,303 comments
548,115 users