1

I want to manipulate the properties of some users for testing purposes with 'adsiedit.msc'. Is there a way to get full access to edit these values?

For example, I need to edit the lastLogon or userAccountControl values, but I am getting these errors:

Error when changing the lastLogon value

Error when changing the userAccountControl value

Is there a way to do that with or without the ADSI-Editor?

w5e

2 Answers

0

No, you can't.

Some attributes are reserved and only the OS can manage them. Active Directory is not simply a user database, it also manages user authentication: you can't simply make some user account behave as if it were someone else (SID / SID History), or fake user activities (such as last logon).

Also, there are no supported ways to manually edit the Active Directory database (ntds.dit); and even if those existed, AD replication would immediately tag those changes as just plainly wrong.

Whatever you are trying to achieve, it doesn't comply with AD specifications and should not be done.

Massimo
0

Some attributes are owned by the system and can never be updated through other methods. https://support.microsoft.com/en-us/kb/276382. That is the cause of your first "lastLogon" error.
The other error looks like an access denied message (0x5), 4003 is another error for INSUFF_ACCESS_RIGHTS. Try making the change with a more powerful account to modify the target object. Manually tweaking the UAC bitmask value can be complicated. Most of the time you change these values through the "Account Properties" field on the "Account" tab in ADUC (Active Directory Users & Computers) tool.

Clayton
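An added example, not part of either answer: working out a userAccountControl change offline before applying it, and reading a lastLogon value without writing it. The flag values are the documented userAccountControl constants; the function names, the sample values and the rule of refusing account-type bits are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from enum import IntFlag

class UAC(IntFlag):
    """Subset of the documented userAccountControl flag values."""
    ACCOUNTDISABLE = 0x0002
    LOCKOUT = 0x0010
    PASSWD_NOTREQD = 0x0020
    NORMAL_ACCOUNT = 0x0200
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    SERVER_TRUST_ACCOUNT = 0x2000
    DONT_EXPIRE_PASSWORD = 0x10000
    SMARTCARD_REQUIRED = 0x40000
    PASSWORD_EXPIRED = 0x800000

# Bits maintained by the directory itself; writing them has no effect or is refused.
SYSTEM_BITS = int(UAC.LOCKOUT | UAC.PASSWORD_EXPIRED)
# Account-type bits; this example refuses to touch them (a conservative assumption).
TYPE_BITS = int(UAC.NORMAL_ACCOUNT | UAC.WORKSTATION_TRUST_ACCOUNT
                | UAC.SERVER_TRUST_ACCOUNT)

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [flag.name for flag in UAC if value & flag.value]

def plan_uac_change(current, set_bits=0, clear_bits=0):
    """Compute the new value, changing only the requested bits."""
    requested = int(set_bits) | int(clear_bits)
    if requested & SYSTEM_BITS:
        raise ValueError("system-maintained bits cannot be set or cleared by hand")
    if requested & TYPE_BITS:
        raise ValueError("account-type bits are not changed by this helper")
    return (current | int(set_bits)) & ~int(clear_bits)

def filetime_to_utc(ticks):
    """lastLogon holds 100 ns intervals since 1601-01-01 UTC; 0 means never."""
    if ticks == 0:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

if __name__ == "__main__":
    current = 0x0202  # constructed sample: a disabled normal account
    print(decode_uac(current))
    print(hex(plan_uac_change(current, clear_bits=UAC.ACCOUNTDISABLE)))
    print(filetime_to_utc(130960800000000000))  # constructed sample value
```
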