I just tested this and yes it did indeed work for me. I would fully expect it to. It isn't anything magical about ADUC, that is AD Delegation functionality at work there and normal ACLs.
I even used the Self well known security principal as the managing group. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, May 09, 2005 1:40 AM To: [email protected] Subject: [ActiveDir] Group ManageBy 'feature' in SP1 does not work? Hi Someone here (sorry can't remember who) posted that in 2003 SP1, we are able to put a Group to manage a group and update membership. I've been testing that and I'm kinda stuck - after assigning a group & ticking "Manager can update membership list" - the user in that group is unable to manage the other group. Groupname to be managed: group1 Groupname to manage: group2 (username1 is a member of group2) Under Managed By tab of group1 - I assign a group group2 and ticked Manager can update membership list Login as username1 and I am UNABLE to add or modify any members (if I assign directly to a user account it works) Eventhough it doesn't work - dsacls shows that group2 is assigned the correct rights which is SPECIAL ACCESS for Add/Remove self as member (defined as WP;member) Anyone has tested this functionality and get this to work yet? I'm trying to achieve group to self managed its member - meaning any member of the group can add/remove/modify membership list (group1 to be managed by group1). Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
