You want to reset an object’s ACL to the one defined in the schema for the object’s object class.
This is available only in the Windows Server 2003 version of the ACL Editor.
Open the ACL Editor. You can do this by viewing the properties of an object (right-click on the object and select Properties) with a tool, such as Active Directory Users and Computers (ADUC) or ADSI Edit. Select the Security tab. To see the Security tab with ADUC, you must select View → Advanced Features from the menu.
Click the Advanced button.
Click the Default button.
Click OK twice.
> dsacls <
For more on the default security descriptor, see Recipe 14.11.