Re: Less Information Available in LDAP on SBS than Server 2003



It would have to be R2 to get schema 31, Cris

OP, while you might upgrade the schema on SBS to v31, note that an SBS R2 server does not have all the same interoperability components and services installed that Server 2003 R2 has (unfortunately).

OP, what method & manner were you using to query the SBS R2 (with adprep V31 schema) for those attributes?

--
/kj
"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:eq3Hbb$GIHA.5328@xxxxxxxxxxxxxxxxxxxxxxx
When you referred to W2k3 in your Original Post for the comparison, was the standard server "R2"?

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"cleopold73" <cleopold73@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:40C4829D-B447-4DEA-B94C-12D48C77E7C2@xxxxxxxxxxxxxxxx
The real problematic attributes for us are the unix related ones like
uidNumber, loginShell, unixHomeDirectory, which are there after upgrading to
Schema 31 on SBS, but cannot be seen by a proxy ldap user created as
referenced in the "Windows Security and Directory Services for UNIX Guide".

These UNIX attributes are available to a non-administrator account under a
plain 2003 R2 instance, but not available to a non-administrator account on SBS
R2 with Schema 31.

The reason I stayed away from the UNIX reference in the first post is that I was
hoping to appeal to a broader audience to understand why LDAP under SBS hides
some attributes when queried by non-administrative accounts.

Thanks

Corey

"Cris Hanna [SBS-MVP]" wrote:

> Maybe if you give us a better idea of what you want to accomplish, we can provide "Plan B".
>
> I don't have an explanation of why it's different.
>
> --
> Cris Hanna [SBS-MVP]
>
> "cleopold73" <cleopold73@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:C0E28A74-7115-4499-BF53-F4E417BF7199@xxxxxxxxxxxxxxxx
> Using an LDAP browser authenticated with a non-Administrative account, user
> attributes like accountExpires, whenChanged, lastLogoff, cannot be seen on an
> SBS. On a default install of Server 2003 R2 we can see these attributes as a
> non-privileged user via LDAP. What is the difference in SBS that causes this?
>
> We do see all the attributes if using an Administrative account to bind to
> LDAP.
>
> We would like to not have to use an administrative account to query these
> attributes.
>
> Thanks
>
> Corey
