Blog Of Directory Service
  • ···
  • Home
  • ···
  • ···
  • About Me
  • ···
  • ···
  • Contact Me
  • ···
  • ···
LinkedInTechNet
Post Page
Home/Blog/Post/

Bulk change specific permissions for users

  • Post On 2015-04-23

A friend of mine recently had problems regarding uploading certificates to GAL. As a matter of fact the users were unable to upload certificates when they choose "Publish To GAL". In this case the most errors you get is "Microsoft office Outlook was unable to publish your certificates. The server may be offline or your certificates may be invalid". 

He was pretty much sure that the server is available, so we decided to re-check the security permissions for user objects and we found the problem.

In order to allow the users to successfully upload the certificates to GAL, you need to add SELF permission to the user objects. To be more precise these SELF permissions are needed for a successful upload:

  • Read Personal Information
  • Write Personal Information
  • Read Phone and Mail Options
  • Write Phone and Mail Options
  • Read Web Information
  • Write Web Information

So we decided to change the permissions on all the users (approximately 500) and re-check the problem. The script below will add the required permissions in order to have a successful upload of certificates to GAL.

Get-ADUser -Filter * -SearchBase "ou=Users,dc=Contoso,dc=Com" | % {Invoke-Expression -Command:('dsacls "{0}" /G SELF:GRGE' -f $_.Distinguishedname)}

Running the commands above in PowerShell with Active Directory module installed, the problem was gone.

PowerShell
  • (0)
  • (287)
Mahdi Tehrani

info@mahditehrani.ir

Leave a comment
Comments
Search
Categories
Concepts (4)
Group Policy (1)
Active Directory (13)
PowerShell (2)
Latest Posts

Why NTDS size is different on different Domain Controllers?

  • Post On 2018-05-28

Limit Active Directory user login to 1 session

  • Post On 2017-08-24

Protect your domain against WannaCry malware

  • Post On 2017-05-23

The auditor of auditors: 'LepideAuditor Suite'

  • Post On 2017-05-23

‘List Object Mode’ in Active Directory, a myth or future settings?

  • Post On 2017-04-23

Fix Group Policy error 1058

  • Post On 2016-04-22

Bulk change specific permissions for users

  • Post On 2015-04-23

Create Shadow Groups (Dynamic Groups) in Active Directory

  • Post On 2015-03-23

Manipulate delegation wizard in Active Directory

  • Post On 2014-10-22

Am I locked out? Where? How?

  • Post On 2014-10-22
!APP License
Copyright © 2023 TondarNet V1.0.0