Excellent, thanks Rick.
Also I just realized that the Enterprise Admin group was nested in Account
Operators. That might have something to do with it as well. I say this only
because as soon as I removed that nesting things started breaking again. It
seems that this started to occur right after installing Exchange 2000 and
that seemed to have really torked something up with the ACL's, it is almost like
some of my groups got non-canonical format ACL structures and the only people
with rights into those groups for seeing membership were Account Operators and
Exchange Servers. Quite strange. You wouldn't expect something like that, or at
least I wouldn't. Where is the logic in setting an ACL that way... Kind of like
security by obscurity. Eschew obfuscation I always try to say and only succeed
when I am a case into the weekend and not listening to myself any longer.
Keep me in the loop on your discoveries, we may have found a serious thing here,
especially with class Yada.
joe
--
Joe Richards Microsoft MVP Windows Server / Active Directory
"There are few who deny, at what I do, I am the best, for my talents
are renowned far and wide.
When it comes to surprises in the moonlit night, I excel without ever even
trying."
- Jack Skellington

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, October 18, 2003 5:48 PM
To: [EMAIL PROTECTED]

I'm glad that I was finally able to show you something -
given everything that you've taught me over the years. I find it
interesting, however, that you had to add the Enterprise Admins group at the
forest level. I did find that adding the Domain Users to the Schema was
helpful, it now takes away that annoying problem where I have to create schema
entries for all of the apps that they write. Now, they are free to do it
themselves.
I guess that I'm going to have to study the ACLs at the
forest level and determine the E-A issue. I'm not sure why that's
happening, but there has to be a rational solution.
I'll let you know what I find.
Rick Kingslan MCSE, MCSA, MCT

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe
Sent: Saturday, October 18, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP'ing a computer object in AD

I've found that if I add Domain Users to the Schema and Enterprise
Admins groups of my forest, it seems to work. You also have to be careful
to only use NULL for any SD references. Thanks for the help!
joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, October 18, 2003 5:06 PM
To: [EMAIL PROTECTED]

Joe - Yep..... I'm sure.
You're sure you're using the release version, and not one of
the betas? This method was added very late in the process,
right about the same time that the class 'Yada:' was added, along with the
function 'whatever (var middle-finger, str [EMAIL PROTECTED] you)'.
Try adding all hotfixes, SP's, any updates to the
Framework. If that doesn't work - just give up. That's what most
developers would do anyway.
;P
Rick Kingslan MCSE, MCSA, MCT

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe
Sent: Saturday, October 18, 2003 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP'ing a computer object in AD

Rick, I am getting unknown identifier when I try that. What am I doing
wrong?
joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kingslan, Rick T.
Sent: Friday, October 17, 2003 9:26 AM
To: [EMAIL PROTECTED]

'blah, blah, blah' was added as a new method in VB.Net
in Visual Studio .Net 2003. It should compile just fine. The default
behavior is to simply not work at all.
;oD
Rick Kingslan MCSE, MCSA, MCT
