Ever get bit by the AdminSDHolder functionality? Ok I know some of you have because I have responded to I don't know HOW many questions on this thing over the last couple of years and then after I spouted about it several other times I know several others such as Rick[1] and Deji and JoeK and others echoed that info again and again.
Well anyway, did it ever bother you that you could have that cool functionality but have no control over it? I.E. MS decided who it got applied to thank you very much? Well now they have sort of fixed it, check out the recently updated http://support.microsoft.com/default.aspx?scid=KB;EN-US;817433 Skip the typoes like the extra 11 in step 11. There is now a fix to allow you to specify which built in groups it (AdminSDHolder) gets applied to. Now I am not one for bitflags, I think we all learned our lesson with userAccountControl but hey, this is ok for now for me. I wouldn't mind seeing a future version where you get to specify what groups (both builtin and other) get impacted by what adminsdholder objects (i.e. allow for multiple objects and you specify by name which objects security gets applied to which groups...). Hopefully we will get something like that in the, ahem, Long Horn Time Frame. So anyway, why mention this? Primarily because I think it is cool. I love it when MS listens to the death cries of people in the field and makes a change to make their life easier. Plus ~Eric IM'ed me about it and figured, heck if he IM'ed me it MUST be important. :o) Plus he put the responsibility on me to get the word out. He said that if someone said they didn't know that they should have talked to me because I knew. I don't need that kind of responsibility so I am delegating it (heh AD humour) to you all. Oh yes, I have been quiet lately. Just busy with some goofy stuff at work and finding bugs in AD and Exchange and other things. I might write up a few of them for the list though I do accept donations to make me stop typing so if billg is reading, call me. Finally started working on an update for adfind, no, no CSV option yet. Had to fix a couple of bugs. Also I am trying to dig up a perl script I had for converting adfind output to CSV for a stop gap. I may rewrite it as I am not doing well finding it. :o) joe [1] You absolutely can't tell Rick anything, it goes everywhere once you do... List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
