AD LDS: Reset Configuration Partition Administrator Permission

Marcel Mertens 1 Reputation point
2020-11-30T13:16:37.917+00:00

Hi Everyone,

We are taking over the management of an AD LDS instance of a new customer.
Unfortunately the former MSP deleted the admin account of the AD LDS configuration partition which was used during the installation.
My admin account is admin of the application partition, but not of the configuration partition.
Is there any chance to reset or recover the admin permission?

Kind Regards,

Marcel


4 answers

  1. Vicky Wang 2,641 Reputation points
    2020-12-01T09:28:25.39+00:00

    System Restore rollback replaces the entire registry hives from a previous snapshot. This is a convenient option if your group membership was recently changed; System Restore would restore your previous settings.

    In the Recovery Options, click System Restore.
    You’ll be asked to choose a target Operating System. Choose the Operating System.
    Click Next in the System Restore window.
    Click Show more restore points check box (if available)
    Select the appropriate restore point from the list based on the date when the system was working fine.
    Click Next and click Finish.

    Reference: https://www.winhelponline.com/blog/locked-user-account-lost-admin-privileges-rescue/
    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.

    Hope this information can help you
    Best wishes
    Vicky


  2. Marcel Mertens 1 Reputation point
    2020-12-01T10:44:13.61+00:00

    Hi,
    Thank you for your answer.
    After analysing older logfiles:

    • AD LDS Service was installed in 2013 on a W2K8R2 Server with a Domain Account as AD LDS Configuration Partition Admin
    • I don't know if any other account was added to the Configuration Partition Admin group
    • This domain account was deleted a while ago (not recoverable)

    My Question:

    1. Is there any way to figure out who is a member of the config partition admin group?
    2. Is there any way to add a new account to the group?

  3. Vicky Wang 2,641 Reputation points
    2020-12-03T09:19:16.013+00:00

    Connect to the configuration partition in ADSIEdit; in the Security tab of Properties, we can find the ACL list of the configuration partition.
    As the configuration partition is a forest-level partition, the admin needs to be in the root domain admin group or enterprise admin group.

    Hope this information can help you
    Best wishes
    Vicky


  4. Marcel Mertens 1 Reputation point
    2020-12-03T10:15:05.973+00:00

    Hi, I'm talking about Active Directory Lightweight Directory Service (AD LDS), not Active Directory.
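For question 1 in the thread (who is a member of the configuration partition admin group), one way to read the membership with PowerShell, as an added example that is not part of any post above. It assumes the ActiveDirectory module (RSAT) is installed, that the instance listens on `localhost:389` (a placeholder), that the role group sits at the usual AD LDS location `CN=Administrators,CN=Roles` under the configuration naming context, and that the calling account can read that partition.

```powershell
# Added example: list members of the AD LDS configuration partition's
# Administrators role and flag Windows SIDs that no longer resolve.
Import-Module ActiveDirectory

$Server = 'localhost:389'   # assumption: host:port of the AD LDS instance

# RootDSE exposes the configuration naming context (CN=Configuration,CN={GUID}).
$rootDse  = Get-ADRootDSE -Server $Server
$configNC = $rootDse.configurationNamingContext

# Assumption: default AD LDS layout, role groups live under CN=Roles.
$adminsDN = "CN=Administrators,CN=Roles,$configNC"
$group    = Get-ADObject -Server $Server -Identity $adminsDN -Properties member

$report = foreach ($memberDN in $group.member) {
    $obj = Get-ADObject -Server $Server -Identity $memberDN -Properties objectSid

    $account = $null
    $status  = 'AD LDS object (user or nested group)'

    # Windows accounts are referenced through foreignSecurityPrincipal objects
    # whose objectSid is the SID of the domain or local account.
    if ($obj.ObjectClass -eq 'foreignSecurityPrincipal') {
        try {
            $ntType  = [System.Security.Principal.NTAccount]
            $account = $obj.objectSid.Translate($ntType).Value
            $status  = 'Windows principal'
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # The SID is still a member, but the account behind it is gone.
            $status = 'SID does not resolve (account may be deleted)'
        }
    }

    [pscustomobject]@{
        MemberDN = $memberDN
        Sid      = $obj.objectSid
        Account  = $account
        Status   = $status
    }
}

$report | Format-Table -AutoSize -Wrap
```

An entry reported as not resolving matches the situation described in the thread, where the installing domain account was deleted but its SID may still be listed in the group.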