|
If there is anyone else in this situation with an upgraded domain and user accounts that don't have correct permissions, you can set user accounts back to its default permissions with dsacls.exe found in the Windows 2000 Support Tools. The syntax is:
dsacls [distinguished name of user account] /S
You can easily export all user accounts out of Active directory, delete all rows except for user objects, delete all columns except for distinguished name, make distinguished name column2, make "dsacls" column1, and make "/S" column3. Save as a batch file. Then, execute batch file to reset all AD accounts.
Cheers!
-Jason
| 
