
AD Connect Export Error - Enable Inheritance on AD Users via PowerShell

31/7/2019


 
I encountered a weird problem where Azure AD Connect was having an issue doing password writeback on the users. I checked Invoke-ADSyncDiagnostics and indeed there was an issue with Password Sync.

Looking into the issue, it was AD objects that had inheritance disabled, in particular users.

So this script allowed me to set the inheritance on the OU:

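# Requires the ActiveDirectory module (RSAT), which provides the AD: drive
Import-Module ActiveDirectory

Function Set-Inheritance {
    param($ObjectPath)
    $ACL = Get-Acl -Path "AD:\$ObjectPath"
    # AreAccessRulesProtected is $True when inheritance is disabled on the object
    If ($ACL.AreAccessRulesProtected) {
        # $False = do not protect (enable inheritance); the second argument is ignored in that case
        $ACL.SetAccessRuleProtection($False, $True)
        Set-Acl -AclObject $ACL -Path "AD:\$ObjectPath"
        Write-Host "MODIFIED $ObjectPath"
    } #End IF
} #End Function Set-Inheritance

#Find users with AdminCount set to 1 (accounts that are, or were, members of protected groups)
$users = Get-ADUser -SearchBase "OU=YOUR_OU,DC=DOMAINNAME,DC=COM" -Filter {AdminCount -eq 1}
#Enable inheritance flag for each user
$users | ForEach-Object { Set-Inheritance $_.DistinguishedName }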

After this, no errors were appearing.
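
A read-only check to run before the script above, added here as an example and not part of the original post: it lists the users in the OU that have inheritance disabled and flags those still nested in a group marked adminCount=1, since SDProp re-applies the AdminSDHolder ACL to such accounts and the change will not persist for them. It assumes the ActiveDirectory module and the placeholder OU from the post; the function names `ConvertTo-LdapFilterValue` and `Get-InheritanceReport` are hypothetical.

```powershell
# Added example: read-only report, changes nothing in AD.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {   # hypothetical helper name
    # Escape characters that are special inside an LDAP filter (RFC 4515).
    # The backslash must be replaced first so later escapes are not doubled.
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Get-InheritanceReport {       # hypothetical helper name
    param([Parameter(Mandatory)][string]$SearchBase)

    Get-ADUser -SearchBase $SearchBase -Filter * -Properties adminCount | ForEach-Object {
        $dn  = $_.DistinguishedName
        $acl = Get-Acl -Path "AD:\$dn"
        if (-not $acl.AreAccessRulesProtected) { return }   # inheritance already enabled, skip

        # Transitive membership (LDAP_MATCHING_RULE_IN_CHAIN) in groups flagged adminCount=1.
        # Primary-group membership is not stored in 'member', so it is not covered here.
        $escaped = ConvertTo-LdapFilterValue $dn
        $groups  = Get-ADGroup -LDAPFilter "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$escaped))"

        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            AdminCount        = $_.adminCount
            # adminCount on a group can be stale too, so treat this as an indicator:
            # accounts still in a protected group get their ACL reset by SDProp.
            LikelyProtected   = [bool]$groups
            ProtectedGroups   = ($groups.Name -join '; ')
            DistinguishedName = $dn
        }
    }
}

# Placeholder OU taken from the post; replace with your own.
Get-InheritanceReport -SearchBase "OU=YOUR_OU,DC=DOMAINNAME,DC=COM" |
    Sort-Object LikelyProtected, SamAccountName |
    Format-Table -AutoSize
```

Rows with LikelyProtected set to False and AdminCount 1 are the stale accounts where enabling inheritance sticks; rows set to True are privileged accounts whose group membership is worth reviewing before they are put in scope for password writeback.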

    Author

    Kevin Worton. Technology Consultant.
