I want to prevent a collection of administrative users from deleting certain objects/containers etc.... now I could set up some more acl's on these objects or I suppose that I could wander off and buy a product off the shelf to offer that protection. But looking at it some of these products do some simple things within the directory.
So I had a quick dig and found that in theory I could modify the systemFlags on an object to protect it from deletion. Like the flags that are sat on the builtin container....
1> systemFlags: 0x8C000000 = ( FLAG_DISALLOW_DELETE | FLAG_DOMAIN_DISALLOW_RENAME | FLAG_DOMAIN_DISALLOW_MOVE );
Ahh but theory and practice become two different things. If you try and edit this attribute then pretty much every utility throws a wobbly. So now I'm curious... possibly a bad thing.... is there a way to actually modify the attribute?
