Does this provide any permissions above and beyond changing group membership ? For example, can the person/group that's been named in the manageBy box do anything else to the group, such as rename it, delete it, etc. ?
I hope not, 'cause if it ONLY allows management of the membership list it could be quite useful for a particular need I have at the moment... Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Wednesday, April 27, 2005 2:19 AM To: 'joe '; '[EMAIL PROTECTED] '; 'ActiveDir@mail.activedir.org ' Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? Hi, >>That being said, that tab will not let you specify a >>group, it only looks at users and contacts and will only allow you to >>specify one. In W2K3SP1 this changed. It is possible to specify a group in the managedBy and allow it change groupmembership by checking the checkbox #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: 4/27/2005 1:31 AM Subject: RE: [ActiveDir] More than 1 user having 'managed by' for a group? The managedBy attribute doesn't bestow any rights upon the owner, it just is an attribute that links the user and group together for easy querying. Later versions of ADUC added functionality by letting you specify that ADUC should add an ACE for the principal specified for managedBy but that is two separate operations. That being said, that tab will not let you specify a group, it only looks at users and contacts and will only allow you to specify one. However all of that being said, you can easily add an ACE to the group for any other groups or users directly to the group itself, you want to add (and yes I know this makes no sense) the "Add/Remove self as member" permission. Sort of like dsacls GROUP_DN /I:T /G "domain\secprin:WS;Add/Remove self as member" Or through a script. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, April 26, 2005 7:16 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] More than 1 user having 'managed by' for a group? Hi all, Is it possible to get multiple accounts to be able to perform update of group membership (under the managed by) - both distribution list and security groups? Thanks in advance! Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
