"Some people on the list are reviewers, so they may be able to comment on its usefulness"
=> extremely useful. Besides the main whitepaper which is gives you the background knowledge you need to have to understand how delegation works in the first place, it contains a wealth of reference information in various appendices (most notably a List of Administrative Tasks incl. which permissions are required on which objects to perform the task) /Guido -----Original Message----- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 2. Oktober 2003 22:00 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] hello and a question There is a white paper coming from Microsoft "soon" (like in the next couple of weeks) that contains everything you could possibly want to know about delgation and access rights in AD. Some people on the list are reviewers, so they may be able to comment on its usefulness. -g Gil Kirkpatrick CTO, NetPro -----Original Message----- From: Free, Bob [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 11:55 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] hello and a question The best treatment of the Delegation Wizard I have seen so far is in a book by Sakari Kouti and Mika Seitsonen "Inside Active Directory" http://www.kouti.com/ Must have book IMHO. You can download some tables from their website that would probably help you with the attribute mapping- http://www.kouti.com/tables/userattributes.htm You can look at (and customize) the delegwiz.inf to see what it is doing 'under the hood', some aditional insight can be found in 308404 - HOWTO: Customize the Task List in the Delegation Wizard: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B308404 If you really want to get a good handle on it I would get the book. -----Original Message----- From: Shadow Roldan [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] hello and a question Excellent. The delegation wizard definitely seems to be where I need to be. Is there any resource I can look at to help me identify what these objects actually are? I am currently unable to identify what I should be delegating control of? I have no idea what these objects actually represent. Such as the "Contact objects" or "address type objects" or the "msExchAdressListServiceContainer Objects. Maybe one of you fine people can tell me which objects I need to accomplish my goals :) Thanks! Shadow -----Original Message----- From: Fosselman, Susan [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 9:03 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] hello and a question Shadow, Welcome Shadow. I am new to the list, too. You should be able to accomplish this with delegations. Right click an OU that has user objects that you want to have your admins maintain, and choose delegate control. The delegation wizard has some common tasks that you can delegate, or you can choose custom tasks to delegate various levels of control of specific attributes. Either way, the result is that the wizard will configure the ACL of the object properties to establish the control you are looking for. You can see the results on the security tab of the object properties. Susan Fosselman EDS - NMCI Messaging / Directory Services Engineer 3970 Sherman Street San Diego, CA 92110 Office: 619-817-3594 email: [EMAIL PROTECTED] -----Original Message----- From: Shadow Roldan [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] hello and a question Hi I'm new to the list so excuse me if I come across as a lame-o! We have a win2k environment w/ exchange 2k. There's only one little problem I'm having with active directory, we would like to have our Admins (read administrative assistants, not sys-admins) do the chores of maintaining the active directory user information. i.e, updating a user's business phone, cell phone, address, etc. However, this person cannot have access to change anything else, such as disabling an account, adding an email address etc. I cannot, for the life of me, figure out how to assign permissions just so... Any advice would be greatly appreciated. -- Shadow Roldan IT Manager Zero G Software, Inc. tel:� 1-415-512-7771 x306 cell:� 1-415-370-3782 mailto: [EMAIL PROTECTED] www.ZeroG.com The leading provider of multi-platform software deployment solutions. -- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
