I have some very odd security settings that have been set on some of the user/computer objects in AD. Is it safe to reset all the objects in thedomain to the defaults using dsacls.exe?Exampledsacls.exe DC=Microsoft,DC=Com /s /thttp://support.microsoft.com/kb/281146

Hi, It should be safe. However, you may need to re-add some permissions after you reset the default permission on the domain. For example, Exchange permissions may need to be re-added with Exchanges version domain or forestprep. As a result, I suggest that you can just delete the unnecessary permission for the objects. Thanks.

Well the tool reset permissions back to the default for the object based on the AD schema so shoultnt that have been updated when Exchange was installed? I ran a few tests on specific users, and OU's and it seemed to work great.

Hi, It should work properly. However, we ever encountered an issue that we needed to re-add Exchange permissions after we reset the default permission on the domain. It is always recommended that you perform a full backup before resetting the permissions on a production server.

Thanks,The tool ran ok, but for some reason missed some accounts. On those accounts I had to manually go in to the security tab in AD users & computers go to advanced and click the default button. After doing that Exchange started working again for them.Odd that the tool would miss some accounts.