Active Directory Users and Computers Icon Changes Based on Logged-On User


When different users view user and computer objects in the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, they may see different icons representing user and computer objects. Specifically, some users may see the red "x" icon that denotes a disabled account, while others do not.


This behavior is caused by the client having insufficient permissions on the objects in the Active Directory that represent the users or computers being displayed. When this occurs, the Access Control List (ACL) that defines which permissions which users and groups have on the object does not permit the user to read the Active Directory attribute that contains the status of the account.


To work around this behavior, place the user in a group that has (or is explicitly given) at least Read permissions on the userAccountControl attribute of the object being viewed.


This behavior is by design.

Article ID: 227512 - Last Review: Feb 25, 2007 - Revision: 1