Re: Setting rights on an AD account using vb
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Apr 2007 10:56:13 -0500
Albert Kikkert wrote:
I'm looking for a way to set security rights on an active diectory user
account using Vbscript.
The thing is, we have a lot of users (12.000) in one OU and we have
multiple account operators.
However we don't want ALL operators to be able to manage all accounts.
Creating sub-OU's is not an option because users can have multiple jobs in
our company and consequently have multiple operators.
Therefore I want to be able to give account operators rights on accounts,
but ONLY the ones I want them to manage.
I found that I could get the security information using the
"ntSecurityDescriptor" object, but I cannot find anything to set them.
If anyone could post up a code snippet or at least point me in the right
direction I'd really appreciate it.
I have an example VBScript program that assigns the deny permissions
required so a user cannot change their password linked here:
http://www.rlmueller.net/Cannot%20Change%20PW.htm
This demonstrates the techniques involved for assigning any permissions. The
following example removes these permissions, which allows the user to change
their password:
http://www.rlmueller.net/Can%20Change%20PW.htm
Check kb 269159 for info on when re-ordering ace's is required. I believe it
is not needed if your client is XP or W2k3:
http://support.microsoft.com/kb/269159
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
.
- References:
- Setting rights on an AD account using vb
- From: Albert Kikkert
- Setting rights on an AD account using vb
- Prev by Date: Re: Get ADsPath W2K user
- Next by Date: Re: Get ADsPath W2K user
- Previous by thread: Re: Setting rights on an AD account using vb
- Next by thread: Delete Parent registry key based on subkey data
- Index(es):
Relevant Pages
|
Loading
