search for: mysecretou

...> Perfect, thank you - I can now see this attribute. I also figured out that by adding "--show-binary" to the end of the ldbsearch command I was running, I could get a more user-readable version of the security descriptor: # ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b ou=mysecretou,dc=mydomain,dc=org,dc=uk nTSecurityDescriptor --show-binary # record 1 dn: ou=mysecretou,dc=mydomain,DC=ninja,DC=org,DC=uk nTSecurityDescriptor: NDR: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x9d17 (40215...

On 04/01/16 23:26, Jonathan Hunter wrote: > The story gets deeper, also.. (nothing is ever easy, right? :-)) > > Using the ldbsearch command above, I could at least view the SIDs that have > access to the OU. > > One of them should be a group called "mysecretou Managers"; I can see from > ADUC that my user is indeed still a member of this group (so far, so good). > > However, "wbinfo -s S-1-5-21-000000000-1111111111-2222222222-1234" does not > return "DOMAIN\mysecretou Managers" as it should - but rather > "DOM...

The story gets deeper, also.. (nothing is ever easy, right? :-)) Using the ldbsearch command above, I could at least view the SIDs that have access to the OU. One of them should be a group called "mysecretou Managers"; I can see from ADUC that my user is indeed still a member of this group (so far, so good). However, "wbinfo -s S-1-5-21-000000000-1111111111-2222222222-1234" does not return "DOMAIN\mysecretou Managers" as it should - but rather "DOMAIN\mysecretou Managers...

...I can reset the permissions and regain access. I can view the data using ldbsearch when logged in as root on the DC itself - but how do I view the permissions and edit them from the commandline? The data is all present and correct: mydc1# ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b ou=mysecretou,dc=mydomain,dc=org,dc=uk [...] # returned 127 records # 127 entries # 0 referrals Even logging in as MYDOMAIN\Administrator I can't view or change the permissions of ou=mysecretou using ADUC/ADSIEdit (This is exactly as I originally set it). So, how can I change the permissions from the comman...

On 5 Jan 2016 09:59, "Rowland penny" <rpenny at samba.org> wrote: > > On 04/01/16 23:26, Jonathan Hunter wrote: >> However, "wbinfo -s S-1-5-21-000000000-1111111111-2222222222-1234" does not >> return "DOMAIN\mysecretou Managers" as it should - but rather >> "DOMAIN\mysecretou Managers 2", which is not the name of the group and is >> also not what shows up in ADUC. I wonder if this is actually the root of my >> problems. > > Probably not, if I get the sid for domain Admins an...

...> access. > > I can view the data using ldbsearch when logged in as root on the DC itself > - but how do I view the permissions and edit them from the commandline? The > data is all present and correct: > > mydc1# ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b > ou=mysecretou,dc=mydomain,dc=org,dc=uk > [...] > # returned 127 records > # 127 entries > # 0 referrals > > Even logging in as MYDOMAIN\Administrator I can't view or change the > permissions of ou=mysecretou using ADUC/ADSIEdit (This is exactly as I > originally set it). So, how can I...