|
I think he’s referring to the
DACL. The objects that represent the Exchange Store objects in AD require some
fancy SD flag to see them (Exchange Read or something like that?). Otherwise,
they are not visible, even to Domain Admins. I have no idea why these need to
be hidden, but that’s what it is. Another thing to be wary of is if you
have lots of users on a store, your backlink attribute value may actually be
quite large and you may need to use range retrieval to get all the values.
Normally, this only ever happens with group membership, but in our environment
we need to take this into account. I agree overall that building some kind
of a map of who is on what store is best done by scrubbing these objects and
using the BLs though. Our super load-balanced automatic Exchange provisioning
system uses this technique under the hood to build its underlying data model.
Works great! Joe K. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells OK, so is there a reason
that I'm missing as to why we can't use the BL'd attribute? -- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. |
- Re: [ActiveDir] Indexing an attribute joseph.e.kaplan
- Re: [ActiveDir] Indexing an attribute Tony Murray
- RE: [ActiveDir] Indexing an attribute Holland Matthew BC GB
- RE: RE: [ActiveDir] Indexing an attribute deji
- RE: RE: [ActiveDir] Indexing an attribute listmail
- RE: [ActiveDir] Indexing an attribute Eric Fleischman
- RE: [ActiveDir] Indexing an attribute listmail
- RE: [ActiveDir] Indexing an attribute joseph.e.kaplan
