问题描叙

通過委派方式授予被委派用戶full control 权限后，部分用户unlock是灰色显示：

根因

对比能正常unlock与无法unlock的用户，发现繼承無法unlock的用戶沒有"enable inheritance"

解決方法：

• 找出inheritance被disabled的用户
• 为这些用户enable inheritance

# Find all users with inheritance disabled (adminCount = 1) and enable inheritance
Get-ADUser -Filter * -Properties adminCount | Where-Object {
$_.adminCount -eq 1 
} |foreach-object {
 # Get the user’s distinguished name
$userdn=$_.distinguishedname
$acl=get-acl -path "AD:$userdn"
$acl.SetAccessRuleProtection($false,$true)
set-acl -path "AD:$userdn" -aclobject $acl

# Optionally, reset adminCount to 0
set-aduser -identity $_ -clear admincount
write-output "Enabled ineritance for user: $($userdn)"
}