Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The type of modification made to the runProtectAdminGroupsTask attribute and the values specified in the LDAP Modify operation have no significance. If the DC is the PDC FSMO role owner, an LDAP Modify of the runProtectAdminGroupsTask attribute causes the DC to run the AdminSDHolder protection operation (section 3.1.1.6.1). Otherwise, the Modify request does not have any effect. The requester MUST have the "Run-Protect-Admin-Groups-Task" control access right on the domain root of the DC. The LDAP server returns success after the AdminSDHolder operation has completed.
An LDIF sample that performs this operation is shown as follows.
-
dn: changetype: modify add: runProtectAdminGroupsTask runProtectAdminGroupsTask: 1 -