Hi Joe, Yes you're right.. Template account works along with ADUC and that is the limit. I thought first of usng ADUC because it was so easy to have these attributes copied from a template account. I did not think for large accounts creation where ADUC will not be accurate. :) Yann
________________________________ De: [EMAIL PROTECTED] de la part de joe Date: mar. 02/08/2005 00:38 À: [email protected] Objet : RE: [ActiveDir] Attribute default This requires a template account and a tool that knows to use the template account or the user has to specify copy in ADUC. This schema mod does not directly enforce anything anywhere. It simply tells tools that care to check that these attributes should be among those copied, I think ADUC may be the one and only. ADSI scripts for instance will completely ignore this unless you write the custom code to do it. At that point, it is easier just to make the script have the rule in it. I don't really recommend making this schema mod because I don't really recommend people use ADUC for seriously managing AD. It is designed more to be a one off check this or that tool in my mind. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Sent: Monday, August 01, 2005 6:04 PM To: [email protected] Subject: RE : [ActiveDir] Attribute default Hello, I you want a fixed value of an attribute to be copied while duplication of an account, you *must* extend the schema as a requirement. By default when you duplicate an account, its memberof attribute and others I don't not remind ;( , is/are also duplicate, so that the new account inherit those attributes from the "model" account. In your example, you can predefined the Outlook mobile access to disable for a user account. Go to MMC Schema, search for the "msExchOmaAdminWirelessEnable" attribute, right click on it and check the box "the atribute is copied during duplication of user account" -> sorry but my MMC is in french, so my translation into english is a bit horrible, but i hope enough comprehensive :-) Next click OK, and right click "Your schema NC [your_dc.domain.com]", and click "reload the schema". Then, the configuration will take effect. Certains attributes, called system attributes, have the checkbox disable so you can not activate the feature. BUT, i share joe's advice about rather user a provisionning/deprovisonning system, which seems to be safer and proper :) Hope it helps, Yann ________________________________ De: [EMAIL PROTECTED] de la part de Figueroa, Johnny Date: lun. 01/08/2005 23:05 À: [email protected] Objet : RE: [ActiveDir] Attribute default Let me be more specific. If you look at the "Exchange Features" tab in ADUC, there are 3 attributes for "Mobile services" Outlook mobile access, User initiated synch and upt-todate-notifications which are all set to "Enabled". I have a script to reset the existing users to "Disabled" but also want that to be the default when an ID is created. Thanks... Sorry for the 2 part. -----Original Message----- From: Figueroa, Johnny Sent: Monday, August 01, 2005 1:59 PM To: '[email protected]' Subject: Attribute default We are trying to change an AD user Attribute so that new users created get a default value. How would I start to try to do that? Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/Listaspx <http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
