I am just having all sorts of problems. weird. now there is a user that I cannot delete from my control panel. I verified I am logged in as super admin. I am getting a access denied error as if I didn’t have the proper rights. If I create a new user, I can delete it just fine. Are there any attributes I can check to see if this particular user is different from everyone else?
2015-07-07 07:38:33,896 ::: [21] DEBUG ::: CloudPanel.CPStaticHelpers — Checking if company MYH is enabled for Exchange
2015-07-07 07:38:34,177 ::: [24] DEBUG ::: CloudPanel.Code.ValidateClaims — Validating permissions for company code MYH and role ViewUser
2015-07-07 07:38:34,177 ::: [24] DEBUG ::: CloudPanel.Code.ValidateClaims — Checking if user is a super admin
2015-07-07 07:38:34,256 ::: [24] DEBUG ::: CloudPanel.Modules.UsersModule — Search value was
2015-07-07 07:38:39,630 ::: [22] DEBUG ::: CloudPanel.Code.ValidateClaims — Validating permissions for company code MYH and role DeleteUser
2015-07-07 07:38:39,630 ::: [22] DEBUG ::: CloudPanel.Code.ValidateClaims — Checking if user is a super admin
2015-07-07 07:38:39,646 ::: [22] DEBUG ::: CloudPanel.Modules.UsersModule — Opening connection to delete user for MYH
2015-07-07 07:38:39,646 ::: [22] DEBUG ::: CloudPanel.Modules.UsersModule — Validating parameters
2015-07-07 07:38:39,646 ::: [22] DEBUG ::: CloudPanel.Modules.UsersModule — Getting company code and userprincipalname for MYH
2015-07-07 07:38:39,677 ::: [22] DEBUG ::: CloudPanel.Modules.UsersModule — Getting user 61353309-be63-4cd0-8473-4bb2caf1cb07 from database
2015-07-07 07:38:40,146 ::: [22] DEBUG ::: CloudPanel.Modules.UsersModule — Deleting 61353309-be63-4cd0-8473-4bb2caf1cb07 from Active Directory
2015-07-07 07:38:40,146 ::: [22] DEBUG ::: CloudPanel.ActiveDirectory.ADUsers — Retrieving the PrincipalContext…
2015-07-07 07:38:40,146 ::: [22] DEBUG ::: CloudPanel.ActiveDirectory.ADUsers — Attempting to retrieve user 61353309-be63-4cd0-8473-4bb2caf1cb07
2015-07-07 07:38:40,302 ::: [22] ERROR ::: CloudPanel.ActiveDirectory.ADUsers — Failed to delete user 61353309-be63-4cd0-8473-4bb2caf1cb07. Exception: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsDeleteOps.DeleteObject(Int32 flags)
at System.DirectoryServices.DirectoryEntry.DeleteTree()
at CloudPanel.ActiveDirectory.ADUsers.Delete(Guid userGuid)
2015-07-07 07:38:40,334 ::: [22] DEBUG ::: CloudPanel.Modules.UsersModule — Error deleting user: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsDeleteOps.DeleteObject(Int32 flags)
at System.DirectoryServices.DirectoryEntry.DeleteTree()
at CloudPanel.ActiveDirectory.ADUsers.Delete(Guid userGuid)
at CloudPanel.Modules.UsersModule.<.ctor>b__5d(Object _)
2015-07-07 07:38:48,583 ::: [23] DEBUG ::: CloudPanel.Code.ValidateClaims — Validating permissions for company code MYH and role ViewUser
2015-07-07 07:38:48,599 ::: [23] DEBUG ::: CloudPanel.Code.ValidateClaims — Checking if user is a super admin
This issue was resolved.
The problem was the user was added to the domain admin group or other protected security group at one time. Doing this disables inheritance and modifies security permissions. Settings the permissions back to default and enabling inheritance resolved the issue.
I’m online. Its 9pm CST
I’ll email you tonight at 9pm CST.
I’m available tonight around 9pm CST if you want to email me.
what is your availability? I can get you into my system if you like.
Honestly I do not think I can troubleshoot this anymore through the forums and would need access to your system to investigate further.
No, if i’am delete a user in the AD i get no error’s nothing.
I do not know why yet that Active Directory is throwing a ACCESS DENIED error. I am calling DeleteTree when attempting to delete the user.
If you try to delete the user using Active Directory do you get a prompt about it containing child objects?
Yes, the user that is running the app pool is the same user that I have under my settings configuration. and its the domain administrator user.
Can you please just double check the following”:
- CloudPanel server is domain joined
- CloudPanel virtual directory is linked to an IIS Application Pool that is running under a domain admin or a user that has rights to modify/create/delete objects in Active Directory. (Should be DOMAINUSERNAME)
- The user account in the settings page for CloudPanel contains DOMAINUSERNAME
- The user account in the settings page matches the user account running on the IIS Application Pool
this is the log.
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.Code.ValidateClaims — Validating permissions for company code Hydra and role DeleteUser
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.Code.ValidateClaims — Checking if user is a super admin
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.Modules.UsersModule — Opening connection to delete user for Hydra
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.Modules.UsersModule — Validating parameters
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.Modules.UsersModule — Getting company code and userprincipalname for Hydra
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.Modules.UsersModule — Getting user d06a6de8-0c21-4f5d-81a4-f477c76b4eea from database
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.Modules.UsersModule — Deleting d06a6de8-0c21-4f5d-81a4-f477c76b4eea from Active Directory
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.ActiveDirectory.ADUsers — Retrieving the PrincipalContext…
2015-09-23 09:15:57,833 ::: [9] DEBUG ::: CloudPanel.ActiveDirectory.ADUsers — Attempting to retrieve user d06a6de8-0c21-4f5d-81a4-f477c76b4eea
2015-09-23 09:15:57,896 ::: [9] ERROR ::: CloudPanel.ActiveDirectory.ADUsers — Failed to delete user d06a6de8-0c21-4f5d-81a4-f477c76b4eea. Exception: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsDeleteOps.DeleteObject(Int32 flags)
at System.DirectoryServices.DirectoryEntry.DeleteTree()
at CloudPanel.ActiveDirectory.ADUsers.Delete(Guid userGuid)
2015-09-23 09:15:57,896 ::: [9] DEBUG ::: CloudPanel.Modules.UsersModule — Error deleting user: System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.DirectoryServices.Interop.UnsafeNativeMethods.IAdsDeleteOps.DeleteObject(Int32 flags)
at System.DirectoryServices.DirectoryEntry.DeleteTree()
at CloudPanel.ActiveDirectory.ADUsers.Delete(Guid userGuid)
at CloudPanel.Modules.UsersModule.<.ctor>b__5d(Object _)
And you are seeing the same error in the logs when trying to delete a certain user:
System.UnauthorizedAccessException: Access is denied.
?
I’m on 3.1.0805
Can you please tell me which version you are running?
