Re: Write Privileges For OU Contacts
- From: "mp" <mpapet@xxxxxxxxx>
- Date: 15 Aug 2006 08:45:52 -0700
Ace,
Thanks for the reply, currently they are connecting via default LDAP
settings in Outlook.
Those settings are:
Port 389
Search base: ou=salescontacts, dc=organization,dc=com
user account has the ability to create objects in the directory.I attempted to do it two ways, one with a GPO and the other a delegate
authority. In both instances, I used a group (ex. salesgroup) then
added users to that group.
Are you suggesting I need to give each user the authority and eliminate
the group and its authority? Maybe the answer has to do with using the
InetOrg object?
I can't find any Microsoft documentation on the search base key word
use like ou= and dc= other than what others have done. I wouldn't mind
passing admin credentials in the search base options because none of
the users would ever touch it. cn=administrator creates an error
condition.
It appears I can't nest ou's either. ex. In AD if I create OU's
AllContacts>SalesContacts because "ou=AllContacts, ou=SalesContacts"
or ou=AllContactsSalesContacts doesn't work.
I don't want to get off topic, but the owner sees no benefit to running
AD. How they use network services appears the same as if they were
back in the workgroup. So, they sank a couple grand into something
that works the same, is more complex to run, has onerous license terms
and CAL costs. They feel fooled once on AD and won't touch Exchange as
a result. To respond to what is a contradiction, my first job is to
use the tools given and try to salvage some of their sunk costs.
Thanks for all of your help so far, if you want to start a separate
topic on why the company doesn't like AD, please say so. Otherwise,
please focus on my attempt to allow users to create contacts.
Ace Fekay [MVP] wrote:
In news:1155591226.949781.116260@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
mp <mpapet@xxxxxxxxx> stated, which I commented on below:
Hi,
I'm attempting to set up an Organizational Unit OU address book in an
AD2003/Outlook 2003 environment that members of the OU can add/delete
contacts.
I've got the OU set up and the Outlook 03 client working fine for
read-only.
When I attempt to add a contact to the OU contact list, Select
Names>Advanced>New> Option LDAP directory it tells me "You cannot
create entries for this address book"
I've attempted the following:
1. Delegate authority: Full Control to the group of users in the OU.
2. Create a GPO with Full Control and then adding the OU group of
users to the GPO.
Both deny creation of new contacts from the Outlook clients.
Note: Exchange is not an option. They are already dissatisfied with
AD.
Any help is greatly appreciated.
If you are using an LDAP directory, I would look at how the users are
connecting (with or without SSL), and authenticating and if that user
account has the ability to create objects in the directory. Also, if AD is
your LDAP directory, in Outlook make sure you've configured the ldap
distinguished name path to the OU. Check your port number too, it should be
389. If it is is 3268, then you are trying to write to the GC, but that's
only a read-only subset used for searching.
Curious, why are they unhappy with AD? Honestly, an not trying to be a
salesmen or anything else for AD/Exchange, but this is the first time I've
heard this. I know there are some quarkes in 2000 concerning ldap attributes
and communication with other ldap services such as Netscape, Cold Fusion,
etc, but that was cleared up in 2003 AD with the InteOrgPerson attribute.
But for the most part, I usually hear how much easier it is and how it
integrates well with Windows and the Office apps for easier productivity.
But I would rather hear it from you why the dissatisfaction.
--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only constant in life is change...
.
- Follow-Ups:
- Re: Write Privileges For OU Contacts
- From: Ace Fekay [MVP]
- Re: Write Privileges For OU Contacts
- References:
- Write Privileges For OU Contacts
- From: mp
- Re: Write Privileges For OU Contacts
- From: Ace Fekay [MVP]
- Write Privileges For OU Contacts
- Prev by Date: Re: AD test network question
- Next by Date: Re: Change local cached domain user password
- Previous by thread: Re: Write Privileges For OU Contacts
- Next by thread: Re: Write Privileges For OU Contacts
- Index(es):
Relevant Pages
|
Loading
