Adaxes

Granting "Allow Delete subtree" ACL to a user object

0 votes

Hello,

you wrote "To remedy the issue, try granting the account appropriate permissions to delete users as subtree in Active Directory."

How can I add the permission within Adaxes to the user object?

Administrators -> add "delete subtree" or Adaxes Service Account -> add "delete subtree"

I don't want to grant the Adaxes service account permissions on all accounts affected by AdminSDHolder by updating the ACL on the AdminSDHolder object in AD. Only the to be deleted user object should be affected.

regards Helmut

related to an answer for: Delete User issue
by (510 points)

1 Answer

0 votes
by (272k points)

Hello Helmut,

To perform operations in a managed domain, Adaxes uses the credentials specified for the domain. For information on how to check/change the account, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.ChangeManagedDomainLogonInfo.html. It is not necessarily the Adaxes service account whose credentials were specified during Adaxes installation. The domain account should have all the necessary native Active Directory permissions to perform the operations you want to work in Adaxes for objects in the domain. As such, it is recommended to add the permission to delete subtree to the account over all the objects managed by Adaxes that should be available for deletion. Unfortunately, there is no possibility to manage native AD permissions for a domain in Adaxes, however, you can do it for objects in domains via the Edit Native Security option. image.png

Related questions

0 votes
1 answer
Prompt the user to insert a ticket number before a move/delete operation

Hello, I would like to ensure that before a computer object is moved in Adaxes, the user must enter a ticket number, and after the input, the PC is moved to ... prompts the user to enter a ticket number before the move/delete operation? Kind regards, Fabian

asked Mar 20 by fabian.p (150 points)
0 votes
0 answers
Permissions to allow a self-service user to set out-of-office replies on mailboxes they have direct full control over

Good Afternoon, I'm looking for some clarification on what security settings I would need to apply to the Self-Service Users to allow them to update both their own ... accounts they have full access to. Please let me know if this requires more clarification.

asked Jul 22, 2021 by jtop (680 points)
0 votes
1 answer
Is there a way to allow a user to reset password with authenticator or answering questions?

is it possible to allow a user to enroll for both options, or even only one option out of the two available? I would like to give my users the choice to use either. Some users may not want an authenticator, but other's might do.

asked Nov 6, 2019 by mashworth (80 points)
0 votes
1 answer
Can we script granting a manager access to a user's mailbox?

We are developing a process to mange mailboxes for terminated users. At the time of termination we would like to: convert the mailbox to a shared mailbox. Send an approval ... would run script to grant the manger access to the mailbox. Can this be done?

asked Oct 27, 2023 by mightycabal (1.0k points)
0 votes
1 answer
How can I add a user to multiple groups provided via a Webinterface Directory object picker parameter?

I have tried it using the Custom Commands Action "Add the user to a group", which only allows me to add the user to one group at a time, and can't use the multiple DNs that the ... I can't get it to work. Could you assist me in finding the best way to do this?

asked Jan 16 by dominik.stawny (160 points)
3,346 questions
3,047 answers
7,782 comments
544,982 users