Defense

Ok, so the other day "we" as a community put out some guidance around post-Active Directory compromise actions for when you can't simply nuke the forest from orbit. Following on from that, a friend asked how to restore the AdminSDHolder permissions.

So, here's an easy method using ADSIEdit. Connect to the Default naming context, locate the AdminSDHolder container (CN=AdminSDHolder,CN=System,<domain DN>), right-click it and choose Properties. Go to the Security tab, click Advanced and then click Restore defaults. One caveat worth knowing before you click: Restore defaults applies the defaultSecurityDescriptor that the schema defines for the object's class (AdminSDHolder is a container), so what you get is the class default rather than a copy of whatever the object was stamped with when the domain was built. Export the current ACL first and compare the result against a known-good domain before you trust it.


Click APPLY

Then inheritance takes effect and we have the clean set of permissions. Two things still need to happen. SDProp, which runs on the PDC emulator every 60 minutes by default, has to copy the AdminSDHolder DACL back onto the protected accounts and groups; you can kick it off early by writing runProtectAdminGroupsTask=1 to the PDC emulator's rootDSE rather than waiting for the next pass. And the change has to reach every DC, so force replication with repadmin /syncall (be mindful of your topology and replication load).

And there we have it: the AdminSDHolder permissions are reset and replicated across the domain.
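The same procedure scripted, as an added example rather than code from the original post: it backs up the current AdminSDHolder DACL as SDDL, applies the schema default for the container class (which is what the Restore defaults button does), asks SDProp to run immediately and forces replication. It assumes the RSAT ActiveDirectory module, a Domain Admin session on a domain-joined host, and repadmin on the path; the backup directory and the PSDrive name ADPDC are this script's own choices.

```powershell
#Requires -Modules ActiveDirectory
<#
  Added example, not code from the original post. Reproduces the ADSIEdit
  "Restore defaults" click for AdminSDHolder with the ActiveDirectory module,
  then triggers SDProp and replication. Assumes a Domain Admin session on a
  domain-joined host. The backup directory and the ADPDC drive name are
  this script's own assumptions.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$BackupDir = (Join-Path $env:TEMP 'AdminSDHolder-backup')   # assumed location
)

Import-Module ActiveDirectory -ErrorAction Stop

$domain = Get-ADDomain
$pdc    = $domain.PDCEmulator                 # SDProp runs here, so write here
$holder = "CN=AdminSDHolder,CN=System,$($domain.DistinguishedName)"

# 1. Save the current DACL as SDDL so the change can be reviewed or rolled back.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$before = (Get-ADObject -Identity $holder -Server $pdc -Properties nTSecurityDescriptor).nTSecurityDescriptor
$backup = Join-Path $BackupDir ("AdminSDHolder-{0}.sddl" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
$before.Sddl | Set-Content -Path $backup
Write-Host "Current SDDL saved to $backup"

# 2. "Restore defaults" applies the schema's defaultSecurityDescriptor for the
#    object's class. AdminSDHolder is objectClass=container, so read that one.
$schemaNc    = (Get-ADRootDSE -Server $pdc).schemaNamingContext
$classDef    = Get-ADObject -Server $pdc -SearchBase $schemaNc `
                   -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=container))' `
                   -Properties defaultSecurityDescriptor
$defaultSddl = $classDef.defaultSecurityDescriptor

# 3. Replace only the DACL (AccessControlSections.Access); owner and group are left alone.
New-PSDrive -Name ADPDC -PSProvider ActiveDirectory -Root '' -Server $pdc -Scope Script | Out-Null
$path = "ADPDC:\$holder"
$acl  = Get-Acl -Path $path
$acl.SetSecurityDescriptorSddlForm($defaultSddl, [System.Security.AccessControl.AccessControlSections]::Access)

if ($PSCmdlet.ShouldProcess($holder, 'Replace DACL with the schema default for class container')) {
    Set-Acl -Path $path -AclObject $acl

    # 4. Ask SDProp to run now instead of waiting for its next scheduled pass.
    $rootDse = [ADSI]"LDAP://$pdc/RootDSE"
    $rootDse.Put('runProtectAdminGroupsTask', '1')
    $rootDse.SetInfo()

    # 5. Push the change to the other DCs. /A = all partitions, /e = cross-site,
    #    /P = push from this DC. Drop /e in a large multi-site forest if you would
    #    rather let normal inter-site replication carry it.
    & repadmin.exe /syncall $pdc /AeP
}

# 6. Show the resulting DACL so it can be eyeballed against the backup file.
(Get-Acl -Path $path).Access |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Run it once with -WhatIf to confirm the target DN and PDC emulator it resolved, then again without. The .sddl file it writes is the thing to diff against a known-good domain; if the class default turns out narrower or wider than what your environment expects, you can put the old descriptor back with SetSecurityDescriptorSddlForm and Set-Acl in the same way.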

If someone wants to write a PowerShell script, feel free and give me a shout and I'll reference it here!
