AdminSDHolder removal

Abdulrahman 101 Reputation points
2023-03-22T14:40:26.4166667+00:00

Hi all,

I have some users detected as AdminSDHolder, How can I remove them from this feature or permission?

Thank you.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,413 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Thameur-BOURBITA 32,831 Reputation points
    2023-03-22T15:00:41.9833333+00:00

    Hi @Abdulrahman

    AdminSHolder is the delagation model used by SDProp process in order to protect AD accounts with high privilege.

    When a user account is membre of one of privileged groups in active directory , it will automatically protected by applying the same permissions as AdminSHolder , set the value 1 in AdminCount attribut and disable inhereted permission

    To disable it , you have to :

    • Remove user account from priviled group
    • Cleat the attibut Admincount
    • Renable inhereted permissions

    For more details you can read the following link :

    Protected Accounts and Groups in Active Directory

    ***Please don't forget to mark helpful answer as accepted

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.