0 votes

Hello,

you wrote "To remedy the issue, try granting the account appropriate permissions to delete users as subtree in Active Directory."

How can I add the permission within Adaxes to the user object?

Administrators -> add "delete subtree" or Adaxes Service Account -> add "delete subtree"

I don't want to grant the Adaxes service account permissions on all accounts affected by AdminSDHolder by updating the ACL on the AdminSDHolder object in AD. Only the user object to be deleted should be affected.

regards Helmut

related to an answer for: Delete User issue
by (1.5k points)

1 Answer

0 votes
by (189k points)

Hello Helmut,

To perform operations in a managed domain, Adaxes uses the credentials specified for the domain. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.ChangeManagedDomainLogonInfo.html. It is not necessarily the Adaxes service account whose credentials were specified during Adaxes installation. The domain account should have all the necessary native Active Directory permissions to perform the operations you want to work in Adaxes for objects in the domain. As such, it is recommended to add the permission to delete subtree to the account over all the objects managed by Adaxes that should be available for deletion. Unfortunately, there is no possibility to manage native AD permissions for a domain in Adaxes; however, you can do it for objects in domains via the Edit Native Security option.
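
An added example, not part of the original answer and not Adaxes code: one way to grant the native Delete Subtree right on a single user object, using the ActiveDirectory PowerShell module instead of the Edit Native Security dialog. The distinguished name and account name are placeholders, and the script assumes it is run by someone allowed to modify the object's ACL.

```powershell
Import-Module ActiveDirectory   # also provides the AD: drive used below

# Placeholders (assumptions, not values from the thread)
$TargetUser  = 'CN=John Doe,OU=Staff,DC=example,DC=com'  # the one object to be deleted
$DomainLogon = 'EXAMPLE\svc-adaxes-domain'               # account Adaxes uses for the domain

$user = Get-ADUser -Identity $TargetUser -Properties adminCount

# Objects protected by AdminSDHolder carry adminCount = 1. SDProp periodically
# (every 60 minutes by default) rewrites their ACL from the AdminSDHolder
# template, so an ACE added here lasts only until the next SDProp run.
if ($user.adminCount -eq 1) {
    Write-Warning "$($user.SamAccountName) is AdminSDHolder-protected; the ACE will be reset by SDProp."
}

# Resolve the account to a SID so the ACE does not depend on name formatting
$sid = (New-Object System.Security.Principal.NTAccount($DomainLogon)).Translate(
        [System.Security.Principal.SecurityIdentifier])

$path = "AD:\$($user.DistinguishedName)"
$acl  = Get-Acl -Path $path

# Allow "Delete Subtree" on this object only (no inheritance to other objects)
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::DeleteTree,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Verify: list explicit (non-inherited) ACEs for the account that include DeleteTree
$deleteTree = [System.DirectoryServices.ActiveDirectoryRights]::DeleteTree
(Get-Acl -Path $path).GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference -eq $sid -and ($_.ActiveDirectoryRights -band $deleteTree) } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited
```

Because the ACE is explicit and scoped to one object, it disappears when the object is deleted and does not widen the account's rights over other users or over the AdminSDHolder template.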
