Thanks, Steve. Database size isn't much of an issue - it's like 100meg right now.In any case, the reason for my question in the first place is that the blasted employeeID attribute isn't in the list in the ACL editor. Domain is 2k native --Brian
-----Original Message-----
From: Steve Patrick [mailto:[EMAIL PROTECTED]
Sent: Mon 8/30/2004 12:02 AM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [ActiveDir] ACL Attribute
Hi Brian
Be careful about adding acls to the domain head like this - it can result in
a large increase to the size of your database (in Win2k - 2k3 fixes this via
an improved single instance store)
As for your how to...
Go to the domain head - properties, security.
Go to Advanced, click ADD and add Group1
Click on EDIT and the properties tab
Click on the Apply Onto drop down and select USER obejcts
Find READ\ WRITE Employee ID and ACL as you wish.
-steve
----- Original Message -----
From: "Brian Desmond" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 29, 2004 4:34 PM
Subject: [ActiveDir] ACL Attribute
> I need to ACL the employeeID attribute in AD such that only a group I
specify can read it. I'm scratching my head here because if I go to the top
level of my Domain NC in Adsiedit, goto security, there's no employeeID in
the list of attributes. I've selected the child objects scope. Is there a
trick to making hte attribute magically appear or something?
>
> --Brian
> .+-w i 0g-íí+Yb mPi 0 -íí+b Úf.+-j! 0j! or yïíIãV+v*
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
