This
is an example of why it would be nice if the object GUID of the security
principal that performed the write was included in the metadata for
the modified object. I mentioned this to one of the AD developers
during the MEC AD Community session, and he said he would take it back to the AD
team.
On
a related note, if the object GUID of the writer was included in the
metadata, then all that would be needed to have a complete change log history of
objects stored in the metadata would be the before and after
values of modified attributes. Granted, this could greatly
increase the size of the DIT, especially over time, but I think it would be cool
to have as an option ;-) And yes some of this can be done with the dirsync
control and change notifications, but it would be nice if it was stored directly
in AD.
Robbie
Allen
|
Title: Message
- RE: [ActiveDir] LDAP Display Name for ... Jones, Rick J.(Desktop Engineering)
- RE: [ActiveDir] LDAP Display Name... Rick Kingslan
- [ActiveDir] Granular permissi... Andy Grafton
- RE: [ActiveDir] LDAP Display Name... Robbie Allen
- RE: [ActiveDir] LDAP Display ... Rick Kingslan