Tweet
I am experiencing odd behavior from Hyena while in the properties of a user account. I am not sure this ever worked.
Scenario: A user attempts to login incorrectly 5 times. The user account is then locked out for 30 minutes.
I can use hyena to see that the users account is locked but if I try to unlock the account with Hyena I get "Unable to save Active Directory data. Access is denied. --Extended Error --- LDAP Provider : 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0"
I am aware that the error message is a rights issue but there is no rights issue in AD.
Here are the facts:
- This issue only happens when I am in the properties for the account and try to “uncheck†the box that reads “Account Locked Out†or I try to change the password from the General tab of the properties page. If I right click the user from the “All Users†list and choose “Account Functions > Reset Password or Unlock Account it works fine.
- The user account that I run hyena from is a member of the Helpdesk Operators group. This group has been delegated the rights to read/write lockout time in AD.
- This user account CAN unlock a user account with ADUC (dsa.msc) from a Windows XP workstation as himself logged onto the domain (not using runas)
- The account in question is NOT a member of any administrative groups. It is just a domain user, set up for testing this problem.
- This has never worked in Hyena and I want to see if we can get it working.
Please advise.
John
P.S. Also just realized that Hyena is not refreshing AD data. 30 minutes has passed since the test account was locked out and is now unlocked in AD. Hyena still shows the account as locked. I closed Hyena multiple times in an effort get it to refresh and it did not work. What's up with this application?
Scenario: A user attempts to login incorrectly 5 times. The user account is then locked out for 30 minutes.
I can use hyena to see that the users account is locked but if I try to unlock the account with Hyena I get "Unable to save Active Directory data. Access is denied. --Extended Error --- LDAP Provider : 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0"
I am aware that the error message is a rights issue but there is no rights issue in AD.
Here are the facts:
- This issue only happens when I am in the properties for the account and try to “uncheck†the box that reads “Account Locked Out†or I try to change the password from the General tab of the properties page. If I right click the user from the “All Users†list and choose “Account Functions > Reset Password or Unlock Account it works fine.
- The user account that I run hyena from is a member of the Helpdesk Operators group. This group has been delegated the rights to read/write lockout time in AD.
- This user account CAN unlock a user account with ADUC (dsa.msc) from a Windows XP workstation as himself logged onto the domain (not using runas)
- The account in question is NOT a member of any administrative groups. It is just a domain user, set up for testing this problem.
- This has never worked in Hyena and I want to see if we can get it working.
Please advise.
John
P.S. Also just realized that Hyena is not refreshing AD data. 30 minutes has passed since the test account was locked out and is now unlocked in AD. Hyena still shows the account as locked. I closed Hyena multiple times in an effort get it to refresh and it did not work. What's up with this application?
Comment