Three part question for the group. One of the good things about AD is the ability to use it to centralize information about users and providing an access method for other users. By filling in the fields in the ADUC - first name, last name, phone number, email address etc, you make this information available to others via AD.
Anyone in the domain or forest can access this information by going to (using XP or 2000) the search feature and looking in Active Directory. Like I said. This is a good thing. My question is how do you control it? First. If you have information in the ADUC that you only want selected individuals to access, how do you configure it so that it is not viewable by users using the search feature? Second. If you have specific users you do NOT want to be viewable at all in the search feature, how do you block that? Third. If you have multiple domains, can you set the security in such a way as to block what other domains would see? For instance, in my domain I may want the users to be able to see all the information, but when users from other domains search, they should only be able to see the name, phone number, and email address. A fourth bonus question. Is it possible to set the permission on the search feature so that users if they look up their own information can modify it, but no one else (other than administrators of course) can change it? I'm assuming that all of this is possible via security settings, but I don't know where. A guide to the where these specific information can be found would also be great. Any help would be greatly appreciated. Cheers Steve List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
