|
I saw the other responses to this question and I think they
may be a bit premature.
The workstation is a member of the domain but is the user a
domain user or a local user of the workstation? I.E. Where does the user exist,
on the workstation or on the domain?
If the latter, then yes, the domain user *should* generally
be able to see members of AD groups, however that is completely predicated on
permissions in the directory.
If the former, most likely no, the user can not see objects
in the AD through her own security context as they have no security context on
the domain other than unauthenticated. If they are, however of sufficient power
on the workstation to execute something with localsystem or networkservice
permissions, they can enumerate AD objects through that channel from the
workstation.
joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sergio S�nchez Trujillo Sent: Thursday, February 03, 2005 3:09 AM To: Lista ActiveDirectory ([email protected]) Subject: [ActiveDir] Members of a group in AD Hello, I would like to know, if a user in a
Workstation that is in a domain, could see the member of Active Directory's
groups, for example in a command line or across windows
interface. Thanks,
Sergio S�nchez
|
- RE: [ActiveDir] Members of a group in AD joe
- RE: [ActiveDir] Members of a group in AD Sergio S�nchez Trujillo
