RE: [ActiveDir] hiding a field from global catalog

[Douglas M. Long]

Well, the problem with only hiding the GAL is that information still exists if anyone does an ldap query. Since I don’t have an answer to your question, I will just tell you what we are doing.   If a student elects to exercise either FERPA or the Buckley amendment, there name is nowhere in active directory. We use a different field to uniquely identify them (such as a social security number---now we don’t actually use the SS, that is just an example….something that should only be known by them). Then we create a generic username for them, such as user1 (which is off course cross referenced with the unique identifier). We also hide the user totally from the GAL, not just specific fields. This makes them totally anonymous (the purpose of FERPA) unless someone has access to records containing the unique identifying, in which case, you have still upheld your commitment because you didn’t give the person access to that information. Does this make sense?       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Wednesday, August 18, 2004 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] hiding a field from global catalog   That is part of it…   Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA  18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Wednesday, August 18, 2004 2:08 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] hiding a field from global catalog   Rick,               Would this happen to be for compliance to FERPA?     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gasper, Rick Sent: Wednesday, August 18, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] hiding a field from global catalog     HI all, I need to hide a field from AD (windows 2003/exchange 2003) from displaying in the GAL from exchange. Ideally, I could block all students from seeing one or two fields and allow all staff to view that field. (company name or company number as an example)   I tried to set permissions using adsi edit and that did not seem to work (deny students read) but that didn’t seem to work.     TIA,   Rick Gasper Manager, Network Services King's College 133 N. River St Wilkes-Barre PA  18711 PH: 570-208-5845 Fax: 570-208-6072 Cell: 570-760-0335 [EMAIL PROTECTED]