Hi,
We have to give the permission to read/write msIIS-FTPDir and msIIS-
FTPRoot AD user attributes for all users under an OU (or to all users
belonging in a security group) to a particular AD user.
How can this be accomplished?
Regards,
Drazen
Hi,
We have to give the permission to read/write msIIS-FTPDir and msIIS-
FTPRoot AD user attributes for all users under an OU (or to all users
belonging in a security group) to a particular AD user.
How can this be accomplished?
Regards,
Drazen
Howdie!
Drazen wrote:
> We have to give the permission to read/write msIIS-FTPDir and msIIS-
> FTPRoot AD user attributes for all users under an OU (or to all users
> belonging in a security group) to a particular AD user.
> How can this be accomplished?
The easiest way to do that is right-click the target OU and choose
"Delegation of Control...". A wizard starts. You can then go select the
priviledged AD user account you want to give permissions to and create
custom tasks you want to delegate to that user. One of the options is to
select AD attribute the user is allowed to read/write to.
That is one method. Others involve "Active Directory Users and
Computers" with "Advanced Features" view enabled or ADSIEdit both with
the Security Tab of the OU.
Cheers,
Florian
On Feb 22, 11:39 am, "Florian Frommherz [MVP]"
<flor...@frickelsoft.net> wrote:
> Howdie!
>
> Drazen wrote:
> > We have to give the permission to read/write msIIS-FTPDir and msIIS-
> > FTPRoot AD user attributes for all users under an OU (or to all users
> > belonging in a security group) to a particular AD user.
> > How can this be accomplished?
>
> The easiest way to do that is right-click the target OU and choose
> "Delegation of Control...". A wizard starts. You can then go select the
> priviledged AD user account you want to give permissions to and create
> custom tasks you want to delegate to that user. One of the options is to
> select AD attribute the user is allowed to read/write to.
>
> That is one method. Others involve "Active Directory Users and
> Computers" with "Advanced Features" view enabled or ADSIEdit both with
> the Security Tab of the OU.
>
> Cheers,
> Florian
Florian, thank you for your answer.
I have tried what you said, however after I tried to use Delegation
wizard on OU and came to "Permissions" part, I could choose "General",
"Property-specific", "Creation/deletion of specific objects". Choosing
any or all of those options hasnt exposed the needed attributes (msIIS-
FTPDir and msIIS-FTPRoot), they are just not here on the list. I am
able to set security on a specific user in that OU in a way to grant
read/write on needed attributes, by visiting Security tab of specific
user.
So for now I can only do this user-by-user which is not an option for
me.
Regards,
Drazen
Howdie!
Am 22.02.2010 17:06, schrieb Drazen:
> Florian, thank you for your answer.
> I have tried what you said, however after I tried to use Delegation
> wizard on OU and came to "Permissions" part, I could choose "General",
> "Property-specific", "Creation/deletion of specific objects". Choosing
> any or all of those options hasnt exposed the needed attributes (msIIS-
> FTPDir and msIIS-FTPRoot), they are just not here on the list. I am
> able to set security on a specific user in that OU in a way to grant
> read/write on needed attributes, by visiting Security tab of specific
> user.
> So for now I can only do this user-by-user which is not an option for
> me.
Did you actually turn on the "Advanced Features" in ADUC? If so, you
should be able to select the attributes when activating "Property specific".
Cheers,
Florian
Indeed I have. However the needed attributes (msIIS-FTPDir and msIIS-
FTPRoot) are only on user level, not on OU or security group level.
Regards,
Drazen
On Feb 22, 10:48 pm, Florian Frommherz
<flor...@LEAVETHISOUT.frickelsoft.net> wrote:
> Howdie!
>
> Am 22.02.2010 17:06, schrieb Drazen:
>
> > Florian, thank you for your answer.
> > I have tried what you said, however after I tried to use Delegation
> > wizard on OU and came to "Permissions" part, I could choose "General",
> > "Property-specific", "Creation/deletion of specific objects". Choosing
> > any or all of those options hasnt exposed the needed attributes (msIIS-
> > FTPDir and msIIS-FTPRoot), they are just not here on the list. I am
> > able to set security on a specific user in that OU in a way to grant
> > read/write on needed attributes, by visiting Security tab of specific
> > user.
> > So for now I can only do this user-by-user which is not an option for
> > me.
>
> Did you actually turn on the "Advanced Features" in ADUC? If so, you
> should be able to select the attributes when activating "Property specific".
>
> Cheers,
> Florian
Bookmarks