Honestly, I wouldn't mind if that nasty method was available in AD. Then when you kicked out admins, it really meant they were kicked out. They call that security versus false sense of security. The whole creator/owner thing is a giant get out of jail free card but it can be used for or against you.
Maybe they should allow that get out of jail free, but it requires some super duper method to do it that an admin can't go off in a corner and quickly and easily do. Obviously that won't happen even in the Longhorn Time Frame as it would require a very large change in the ACL paradigm currently in place. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hunter, Laura E. Sent: Monday, February 07, 2005 1:25 PM To: [email protected] Subject: RE: [ActiveDir] Fun with delegated permissions. Rats, sorry about the obvious question. I was having "operating system interference" from Novell NDS, since there actually -was- a way to rather nastily lock yourself out of portions of the NDS tree by doing that. (Why this interference happened just now, I don't know, since I haven't touched an NDS box for the better part of 5 years. Welcome to Laura's brain, please visit the gift shop on your way out.) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, > Hunter > Sent: Monday, February 07, 2005 1:17 PM > To: [email protected] > Subject: RE: [ActiveDir] Fun with delegated permissions. > > If Domain Admins is the owner of Test1, then they can change > permissions on the OU. > > If Domain Admins is not the owner of Test1, you'll have to grab that > first. Right-click the OU, go to Properties, Security, Advanced, click > on the Owner tab, and grab ownership. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
