Sometimes you need to reset the permissions of an AD Object

Most often the reason why you want to do this is due to the fact that your users have been affected by the AdminSDHolder, which has removed the default permissions and disabled inheritance. Most suggestions given is just to enable the inheritance but there are more changes which affect the user when the AdminSDHolder is enabled.

What the script does is read the default permissions and sets those on the AD object (user).

Example:

 

PowerShell
Edit|Remove
Reset-VirotADPermissions -DistinguishedName 'CN=Administrator,CN=Users,DC=virot,DC=eu'
 

For more information see my blog article.