I know before anyone ask's, I have made the most stupid mistake ever here but it wasn't till after I'd click through the settings that I realised what I had done.I'm currently studying for the 70-291 exam, pass a few MCP's but obviously not enough :-(Whilst watching a CBT Nugget video, I was introduced to the world of Delegation Control's for AD, big mistake !!I decided that I didn't want all of my Domain Users to be able to do anything on AD from the Root Level downwards, so I set DENY ALL PERMISSIONS at ROOT LEVEL on AD for DOMAIN USERS, not thinking that my Domain Administrator account was in this group, I honestly thought Administrators was just in Administrators & Domain Admins until I clicked Apply ..................... ooooops.Now I can't access AD at all, I know I have probably just volunteered myself to rebuild the Domain Controller but I thought as a last resort I would ask the community on here first to see if anyone knew a way I could roll back/change or just bypass the permissions I have just added.I have a Child Domain which can see the Domain I've added these permissions to but the PDC on that domain can't edit anything on the Parent Domain.Would appreciate any help where possible & I am ready for the NOOB abuse ...

you need to run console (dsa.msc) under Local System account and restore permissions. This can be done using sysinternals psexec utility.http://technet.microsoft.com/en-us/sysinternals/bb897553.aspxactually this is another way — take ownership of each object, however I would not advice this way.http://www.sysadmins.lv