Tuesday, November 13, 2007

How to Change System Only Attributes

Using ADSearch allows you to extract object properties, however, not all properties of an object are changable. If you need to change Active Directory object properties that are set as system only there is a registry key setting that will allow you to set these properties.

I strongly recommend caution when changing system only properties.

By adding a registry key to the PDC Emulator or FSMO DC the registry key will allow you to change system-only attributes.

Key: HKEY_LOCAL_MACHINE
Path: System\CurrentControlSet\Services\NTDS\Parameters
Value name: Allow System Only Change
Data type: REG_DWORD
Value data: 1

2 comments:

  1. Anonymous6:06 AM

    It does not work on 2003, is there another trick ?
    Thanks for your help.

    ReplyDelete
  2. Which AD object and attribute are you trying to change??

    ReplyDelete

Note: Only a member of this blog may post a comment.