Hi Mike, Try the following:
DSACLS <DN of OU> /G <NetBios DOMAIN name>\<samaccountname of security principal>:ca;"Generate Resultant Set of Policy (Planning)" e.g. DSACLS OU=ORG,DC=INFRA,DC=LOCAL /G INFRA\GLOBALGROUP:ca;"Generate Resultant Set of Policy (Planning)" DSACLS <DN of OU> /G <NetBios DOMAIN name>\<samaccountname of security principal>:ca;"Generate Resultant Set of Policy (Logging)" e.g. DSACLS OU=ORG,DC=INFRA,DC=LOCAL /G INFRA\GLOBALGROUP:ca;"Generate Resultant Set of Policy (Logging)" Regards, Jorge -----Original Message----- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: 26-10-2004 21:40 Subject: [ActiveDir] DSACLS question Is there any way to "automate" the delegation of "Generate Resultant Set of Policy (Planning)" and "....(Logging)" to a global group via DSACLS? If not, is there another tool that can do it? I'm trying to develop a repeatable method to set up our RBAC delegation across all AD domains. I've been able to use DSACLS to delegate just about everything else, but this. Thanks, Mike ******************* PLEASE NOTE ******************* This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
