Man, read/write to  useraccountcontrol seems to enable  a user to delete a
mailbox too.

 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, December 06, 2005 8:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Delegate disable/enable user accounts

 

read/write permission on the useraccountcontrol attribute of the user
object.

 

HOWEVER...

the disabled/enabled status of a user object is represented by a bit/flag in
the useraccountcontrol attribute and that same attribute consists of more
bits/flags. So if you delegate read/write permission on the
useraccountcontrol, you delegate control on all of the bits/flags
represented in that useraccountcontrol attribute. It may not be what you
want

 

Cheers,

Jorge


 

  _____  

Van: [EMAIL PROTECTED] namens Douglas M. Long
Verzonden: di 6-12-2005 14:19
Aan: ActiveDir@mail.activedir.org
Onderwerp: [ActiveDir] Delegate disable/enable user accounts

Does anyone know off the top of their head the permissions required for
delegation of disabling and enabling user accounts, or have a link? Google
is failing me...or rather me failing google 

This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.


<<attachment: winmail.dat>>

Reply via email to