No, useraccountcontrol mainly holds the fields you see in the checkboxes of
the account tab, such as logon with smardcard, must not change password


You can not delegate deletion of mailboxes in AD only, you also need to give
rights in the exchange store as well.


Gruesse - Sincerely, 

Ulf B. Simon-Weidner 

  MVP-Book "Windows XP - Die Expertentipps":  <>
  Weblog:  <>
  Website:  <>


[mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Tuesday, December 06, 2005 4:09 PM
Subject: RE: [ActiveDir] Delegate disable/enable user accounts


Man, read/write to  useraccountcontrol seems to enable  a user to delete a
mailbox too.



[mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto,
Jorge de
Sent: Tuesday, December 06, 2005 8:44 AM
Subject: RE: [ActiveDir] Delegate disable/enable user accounts


read/write permission on the useraccountcontrol attribute of the user



the disabled/enabled status of a user object is represented by a bit/flag in
the useraccountcontrol attribute and that same attribute consists of more
bits/flags. So if you delegate read/write permission on the
useraccountcontrol, you delegate control on all of the bits/flags
represented in that useraccountcontrol attribute. It may not be what you






Van: [EMAIL PROTECTED] namens Douglas M. Long
Verzonden: di 6-12-2005 14:19
Onderwerp: [ActiveDir] Delegate disable/enable user accounts

Does anyone know off the top of their head the permissions required for
delegation of disabling and enabling user accounts, or have a link? Google
is failing me...or rather me failing google 

This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.

<<attachment: winmail.dat>>

Reply via email to