I use AD to centralize several types of informations.
COntrol, management, info and other WITHOUT using 3d part SW or utility.
It was hard at the beginning but it's possible.
MSDN and technet this e-mail list and several sites that you will find with samples and/or utilities.
Four examples:
1) centralized eventlog capture,archiving and retrieval,reporting in SQL datbase AD published.(Visual basic, visual c++ and AD
2) central repository of articles, snippet, help on -line, utilities, memorandum, capture move, automa works etc. all in internal www site that you read and use by web browser
3) Terminal remote administration by TS or Netmeeting or VINC or other utilities driven by web paged
4) Extension AD to make (or have) other active directory services (the real 2000 applications not the 'normal' application that are projected as well as NT/95/98 compliant and after run in 2000 pseudo-mode)
But all with non exaustive documentation by Microsoft
But it's possible
Bye Stephan
From: "Bell, Stephen" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
Subject: [ActiveDir] Controlling information shared/viewable by Active Directory
Date: Wed, 2 Apr 2003 11:45:42 -0800
Three part question for the group.
One of the good things about AD is the ability to use it to centralize information about users and providing an access method for other users. By filling in the fields in the ADUC - first name, last name, phone number, email address etc, you make this information available to others via AD.
Anyone in the domain or forest can access this information by going to (using XP or 2000) the search feature and looking in Active Directory.
Like I said. This is a good thing.
My question is how do you control it?
First. If you have information in the ADUC that you only want selected individuals to access, how do you configure it so that it is not viewable by users using the search feature?
Second. If you have specific users you do NOT want to be viewable at all in the search feature, how do you block that?
Third. If you have multiple domains, can you set the security in such a way as to block what other domains would see? For instance, in my domain I may want the users to be able to see all the information, but when users from other domains search, they should only be able to see the name, phone number, and email address.
A fourth bonus question. Is it possible to set the permission on the search feature so that users if they look up their own information can modify it, but no one else (other than administrators of course) can change it?
I'm assuming that all of this is possible via security settings, but I don't know where.
A guide to the where these specific information can be found would also be great.
Any help would be greatly appreciated.
Cheers
Steve
List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
