Man, read/write to  useraccountcontrol seems to enable  a user to delete a
mailbox too.



[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, December 06, 2005 8:44 AM
Subject: RE: [ActiveDir] Delegate disable/enable user accounts


read/write permission on the useraccountcontrol attribute of the user



the disabled/enabled status of a user object is represented by a bit/flag in
the useraccountcontrol attribute and that same attribute consists of more
bits/flags. So if you delegate read/write permission on the
useraccountcontrol, you delegate control on all of the bits/flags
represented in that useraccountcontrol attribute. It may not be what you






Van: [EMAIL PROTECTED] namens Douglas M. Long
Verzonden: di 6-12-2005 14:19
Onderwerp: [ActiveDir] Delegate disable/enable user accounts

Does anyone know off the top of their head the permissions required for
delegation of disabling and enabling user accounts, or have a link? Google
is failing me...or rather me failing google 

This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

<<attachment: winmail.dat>>

Reply via email to