joeware - never stop exploring... :)

Thoughts?

[Tue 08/18/2020  0:24:46.40]
E:\DEV\cpp\vs\AdMod\Debug>adfind -f ou=tobedeleted  -jsdenl

AdFind V01.53.00cppBETA Joe Richards (support@joeware.net) July 2020

Using server: LO-DC4.lockout.test.loc:389
Directory: Windows Server 2019 (10.0.17134.1)
Base DN: DC=lockout,DC=test,DC=loc

dn:OU=tobedeleted,DC=lockout,DC=test,DC=loc
[OWNER] LOCKOUT\Domain Admins
[GROUP] LOCKOUT\Domain Admins
[DACL] (FLAGS:INHERIT)
[DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];inetOrgPerson;;BUILTIN\Account Operators
[DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];computer;;BUILTIN\Account Operators
[DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];group;;BUILTIN\Account Operators
[DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];printQueue;;BUILTIN\Printer Operators
[DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];user;;BUILTIN\Account Operators
[DACL] ALLOW;;[FC];;;LOCKOUT\Domain Admins
[DACL] ALLOW;;[LIST CHILDREN][READ PROP][LIST OBJ][READ];;;NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
[DACL] ALLOW;;[LIST CHILDREN][READ PROP][LIST OBJ][READ];;;NT AUTHORITY\Authenticated Users
[DACL] ALLOW;;[FC];;;NT AUTHORITY\SYSTEM

1 Objects returned

[Tue 08/18/2020  0:24:51.87]
E:\DEV\cpp\vs\AdMod\Debug>adfind -f ou=tobedeleted -daclpipe | admod "SD##ntsecuritydescriptor::{{.}}{+D=AI(A;;[CR CHILD][DEL CHILD];;;WD)}{+O=EA}{-D=(*;*;*;*;*;AO)}{-D=(*;*;*;*;*;AO)}{+D=(DENY;;[del tree][del];;;everyone)}"

AdMod V01.21.00cppBETA Joe Richards (support@joeware.net) August 2020

DN Count: 1
Using server: LO-DC4.lockout.test.loc:389
Directory: Windows Server 2019 (10.0.17134.1)

Modifying specified objects…
   DN: OU=tobedeleted,DC=lockout,DC=test,DC=loc…

The command completed successfully

[Tue 08/18/2020  0:25:02.79]
E:\DEV\cpp\vs\AdMod\Debug>adfind -f ou=tobedeleted  -jsdenl

AdFind V01.53.00cppBETA Joe Richards (support@joeware.net) July 2020

Using server: LO-DC4.lockout.test.loc:389
Directory: Windows Server 2019 (10.0.17134.1)
Base DN: DC=lockout,DC=test,DC=loc

dn:OU=tobedeleted,DC=lockout,DC=test,DC=loc
[OWNER] LOCKOUT\Enterprise Admins
[GROUP] LOCKOUT\Domain Users
[DACL] (FLAGS:INHERIT)
[DACL] DENY;;[DEL TREE][DEL];;;Everyone
[DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];printQueue;;BUILTIN\Printer Operators
[DACL] ALLOW;;[FC];;;LOCKOUT\Domain Admins
[DACL] ALLOW;;[CR CHILD][DEL CHILD];;;Everyone
[DACL] ALLOW;;[LIST CHILDREN][READ PROP][LIST OBJ][READ];;;NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
[DACL] ALLOW;;[LIST CHILDREN][READ PROP][LIST OBJ][READ];;;NT AUTHORITY\Authenticated Users
[DACL] ALLOW;;[FC];;;NT AUTHORITY\SYSTEM

1 Objects returned