o I dislike the fact that I cannot delegate a "move object" without also delegating the ability to DELETE that object.
o I dislike the fact that it isn't simple to create 'event sinks' to monitor/audit specific actions in AD. o I dislike the fact that pw policies aren't OU specific (I'm sure I'm the ONLY one <grin>) o I dislike the fact that downlevel logon names must be unique and I can't turn support for downlevel names off once my 'world' is all Win2K and later... because that means, from a *practical* perspective, that user and group CNs must also be unique. Once I have all Win2K and later clients, I'd like to be able to have a Managers group in the Sales OU and a Managers group in the Finance OU without having to have long nasty group naming conventions like Sales_Managers and Finance_Managers; or do something heinous like have the downlevel name and the CN be *different*. o I would like saved queries to be saved in AD o I REALLY REALLY REALLY would like query-based group membership Wow ... I feel so much better now! List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
