Re: Active Directory object permissions
From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 11/12/04
Date: Fri, 12 Nov 2004 09:50:21 -0700
This data comes from displaySpecifiers. See
http://support.microsoft.com/default.aspx?scid=KB;EN-US;290999.
--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Wayne Gore" <WayneGore@discussions.microsoft.com> wrote in message
news:863D1A75-CFE5-4EC4-A52A-3437AD55EC82@microsoft.com...
> Hi Dmitri
>
> This was just what I needed.
> Now I just have one more small problem with this.
>
> Unfortunately the attributes are not called the same in dssec.dat as they
> are when they appear when applying the security.
> Surname is for instance called "sn" in the dssec.dat file and "Last Name"
> when you set the security.
>
> Do you know of any documentation which shows the correlation between the
> attribute name in the file, the name when applying security and possibly the
> field name in user account properties window?
>
> I'm for instance looking for the attribute to enable a user to modify the
> "Country/Region" field that you can see in the user account properties window.
>
> Cheers
> Wayne
>
> "Dmitri Gavrilov [MSFT]" wrote:
>
> > Ah, I see. It's filtered. Interesting First Name is not filtered, but Last
> > Name is.
> > See http://support.microsoft.com/default.aspx?scid=KB;EN-US;296490
> >
> > Another option is to use dsacls.exe.
> >
> > --
> > Dmitri Gavrilov
> > SDE, Active Directory Core
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> > "Wayne Gore" <WayneGore@discussions.microsoft.com> wrote in message
> > news:DD6DDE72-8D4F-4937-A5F7-4386A054A160@microsoft.com...
> > > Hi Dmitri
> > >
> > > Thanks for your answer.
> > >
> > > The problem is that this is exactly what I have been trying to do.
> > > When I go into the Properties tab and select "User object" in the apply to
> > > field then I can see a whole range of properties and property sets.
> > >
> > > However, "Surname" does not appear there.
> > > Nor does a whole range of other properties associated with a user object.
> > >
> > > By the way, I have a Windows 2000 network.
> > >
> > > Cheers
> > > Wayne
> > >
> > > "Dmitri Gavrilov [MSFT]" wrote:
> > >
> > > > You can assign permissions to specific properties (as opposed to propsets).
> > > > Last name is sn attribute. First name is givenName attribute. Go to Advanced
> > > > in security, add a new ACE, the list of properties is in the second tab in
> > > > the dialog. Note you may need to select "apply to users" -- this affects the
> > > > list of attributes and propsets displayed.
> > > >
> > > > --
> > > > Dmitri Gavrilov
> > > > SDE, Active Directory Core
> > > >
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > > Use of included script samples are subject to the terms specified at
> > > > http://www.microsoft.com/info/cpyright.htm
> > > >
> > > > "Wayne Gore" <WayneGore@discussions.microsoft.com> wrote in message
> > > > news:6A58F478-DC6C-4887-9DB2-3E70FA1FA72C@microsoft.com...
> > > > > Hi
> > > > >
> > > > > I would like to give a certain user permission to read and write to the user
> > > > > account properties "First Name" and "Last Name".
> > > > >
> > > > > When I look in "Special Permissions" for user objects in the specific OU
> > > > > then I can't find the property "Last Name".
> > > > >
> > > > > Why is that and how can I set the permission I want on this property?
> > > > >
> > > > > I found some information saying that I could reach the property "Surname" if
> > > > > I assigned the user Write-permissions on the property set "Personal
> > > > > Information".
> > > > > This property set includes a whole range of properties that I do not wish to
> > > > > give the user write permissions to.
> > > > >
> > > > > What to do?
> > > > >
> > > > > Regards
> > > > > Wayne
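
The approach discussed in this thread, as an added example that is not part of the original posts: read the display-name mapping from displaySpecifiers, resolve "First Name" and "Last Name" to their LDAP names, and build per-property dsacls.exe grants instead of granting the whole "Personal Information" property set. It assumes PowerShell 3 or later on a domain-joined admin workstation with dsacls.exe available; the OU DN and the trustee group are hypothetical.

```powershell
# Added example. Hypothetical values: the target OU and the trustee group.
$targetOu = 'OU=Staff,DC=example,DC=com'   # assumption: OU holding the user objects
$trustee  = 'EXAMPLE\NameEditors'          # assumption: group receiving the delegation
$locale   = '409'                          # US English display specifier container

# The user display specifier lives in the configuration partition.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$spec     = [ADSI]"LDAP://CN=user-Display,CN=$locale,CN=DisplaySpecifiers,$configNC"

# Each attributeDisplayNames value has the form "ldapName,Display Name".
$map = foreach ($entry in $spec.attributeDisplayNames) {
    $ldapName, $display = ([string]$entry).Split(',', 2)
    [pscustomobject]@{ LdapName = $ldapName; DisplayName = $display }
}

# Resolve the UI labels from the thread to LDAP attribute names.
$wanted = 'First Name', 'Last Name'
$attrs  = @($map | Where-Object { $wanted -contains $_.DisplayName })
if ($attrs.Count -ne $wanted.Count) {
    throw "Not every label resolved; check the locale container CN=$locale."
}

# Search by substring when the exact label is unknown (e.g. a country field).
$map | Where-Object { $_.DisplayName -like '*Country*' } | Format-Table -AutoSize

# One ACE per property: read/write property (RPWP) on that attribute only,
# inherited to user objects below the OU (/I:S = sub-objects only).
foreach ($a in $attrs) {
    $ace = '{0}:RPWP;{1};user' -f $trustee, $a.LdapName
    Write-Host "dsacls `"$targetOu`" /I:S /G `"$ace`""
    # & dsacls.exe $targetOu /I:S /G $ace   # uncomment to apply after review
}

# Afterwards, list the ACL on the OU and confirm only the intended
# property-specific ACEs were added for the trustee:
#   dsacls.exe $targetOu
```

The script only prints the grant commands until the dsacls.exe line is uncommented, so the ACEs can be reviewed before they are written.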