|
| |||||||||
| Tags: attribute, readwrite |
Sponsored Links
Giving access to AD user attribute read/write
Active Directory
 |
| | Thread Tools | Search this Thread |
|
| |||||||||
| Tags: attribute, readwrite |
|
| | Thread Tools | Search this Thread |
|
#1
21-02-2010
| |||
| |||
| Giving access to AD user attribute read/write Hi, We have to give the permission to read/write msIIS-FTPDir and msIIS- FTPRoot AD user attributes for all users under an OU (or to all users belonging in a security group) to a particular AD user. How can this be accomplished? Regards, Drazen  |
|
#2
22-02-2010
| |||
| |||
| Re: Giving access to AD user attribute read/write
Howdie! Drazen wrote: > We have to give the permission to read/write msIIS-FTPDir and msIIS- > FTPRoot AD user attributes for all users under an OU (or to all users > belonging in a security group) to a particular AD user. > How can this be accomplished? The easiest way to do that is right-click the target OU and choose "Delegation of Control...". A wizard starts. You can then go select the priviledged AD user account you want to give permissions to and create custom tasks you want to delegate to that user. One of the options is to select AD attribute the user is allowed to read/write to. That is one method. Others involve "Active Directory Users and Computers" with "Advanced Features" view enabled or ADSIEdit both with the Security Tab of the OU. Cheers, Florian |
|
#3
22-02-2010
| |||
| |||
| Re: Giving access to AD user attribute read/write
On Feb 22, 11:39*am, "Florian Frommherz [MVP]" <flor...@frickelsoft.net> wrote: > Howdie! > > Drazen wrote: > > We have to give the permission to read/write msIIS-FTPDir and msIIS- > > FTPRoot AD user attributes for all users under an OU (or to all users > > belonging in a security group) to a particular AD user. > > How can this be accomplished? > > The easiest way to do that is right-click the target OU and choose > "Delegation of Control...". A wizard starts. You can then go select the > priviledged AD user account you want to give permissions to and create > custom tasks you want to delegate to that user. One of the options is to > select AD attribute the user is allowed to read/write to. > > That is one method. Others involve "Active Directory Users and > Computers" with "Advanced Features" view enabled or ADSIEdit both with > the Security Tab of the OU. > > Cheers, > Florian Florian, thank you for your answer. I have tried what you said, however after I tried to use Delegation wizard on OU and came to "Permissions" part, I could choose "General", "Property-specific", "Creation/deletion of specific objects". Choosing any or all of those options hasnt exposed the needed attributes (msIIS- FTPDir and msIIS-FTPRoot), they are just not here on the list. I am able to set security on a specific user in that OU in a way to grant read/write on needed attributes, by visiting Security tab of specific user. So for now I can only do this user-by-user which is not an option for me. Regards, Drazen |
|
#4
23-02-2010
| |||
| |||
| Re: Giving access to AD user attribute read/write
Howdie! Am 22.02.2010 17:06, schrieb Drazen: > Florian, thank you for your answer. > I have tried what you said, however after I tried to use Delegation > wizard on OU and came to "Permissions" part, I could choose "General", > "Property-specific", "Creation/deletion of specific objects". Choosing > any or all of those options hasnt exposed the needed attributes (msIIS- > FTPDir and msIIS-FTPRoot), they are just not here on the list. I am > able to set security on a specific user in that OU in a way to grant > read/write on needed attributes, by visiting Security tab of specific > user. > So for now I can only do this user-by-user which is not an option for > me. Did you actually turn on the "Advanced Features" in ADUC? If so, you should be able to select the attributes when activating "Property specific". Cheers, Florian |
|
#5
24-02-2010
| |||
| |||
| Re: Giving access to AD user attribute read/write Indeed I have. However the needed attributes (msIIS-FTPDir and msIIS- FTPRoot) are only on user level, not on OU or security group level. Regards, Drazen On Feb 22, 10:48*pm, Florian Frommherz <flor...@LEAVETHISOUT.frickelsoft.net> wrote: > Howdie! > > Am 22.02.2010 17:06, schrieb Drazen: > > > Florian, thank you for your answer. > > I have tried what you said, however after I tried to use Delegation > > wizard on OU and came to "Permissions" part, I could choose "General", > > "Property-specific", "Creation/deletion of specific objects". Choosing > > any or all of those options hasnt exposed the needed attributes (msIIS- > > FTPDir and msIIS-FTPRoot), they are just not here on the list. I am > > able to set security on a specific user in that OU in a way to grant > > read/write on needed attributes, by visiting Security tab of specific > > user. > > So for now I can only do this user-by-user which is not an option for > > me. > > Did you actually turn on the "Advanced Features" in ADUC? If so, you > should be able to select the attributes when activating "Property specific". > > Cheers, > Florian |
|
|
| Thread Tools | Search this Thread |
| |
Similar Threads for: "Giving access to AD user attribute read/write" | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Unable to delete read-only attribute folder - access denied | Regine | Windows Security | 9 | 09-04-2011 09:18 AM |
| Software required to restrict the read and write access from CD/DVD Drives | Judah | Windows Software | 3 | 30-11-2010 05:55 AM |
| Grant read/write to a specific custom AD attribute? | hume.spamfilter@bofh.ca | Active Directory | 1 | 09-12-2009 05:46 AM |
| Change Read-Only Attribute | William Colls | Vista Help | 2 | 18-02-2008 05:53 AM |
| How to toggle between read-only and read-write in Word 2007 | Avogadro | MS Office Support | 2 | 13-02-2008 04:26 AM |
