I concur with Al, best solution is to set up a fixed
provisioning process, usually an automated system that does all of the work.
There is no generic mechanism to set what values will be populated on an object
regardless of creation mechanism. The tools being used will most often control
the values populated. Other than that, the system will have various defaults for
unpopulated attributes which you have no control over.
There is a copy attribute flag you can set on the schema
def of an object in case you "copy" one object to another, but ADUC is the only
interface that I think follows it. It certainly isn't enforced at the underlying
levels.
The only alternatives to a provisioning system that I can
think of are to make sure whomever does the work configures the account properly
or having a tool constantly watching for the bad value and resetting it to what
you want.
joe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Al Mulnick
Sent: Wednesday, January 04, 2006 9:55 AM
To: [email protected]
Subject: Re: [ActiveDir] Change the way in which a default user is created
Sent: Wednesday, January 04, 2006 9:55 AM
To: [email protected]
Subject: Re: [ActiveDir] Change the way in which a default user is created
Typically, this is done with script or other process vs. MMC or other
native means.
I don't honestly know where that setting is enabled/disabled/or the default
value is determined. Knowing the past Exchange thinking, that would be in the
DLL's laid down during installation (of the RUS and possibly in the MMC for
administration) but IIRC, that type of setting doesn't even get set (one way or
the other) until after the RUS touches it.
My preference would be to do away with the Exchange native admin tools
(ADU&C) and use custom scripts. I get better error and logging control as
well as finer control over settings.
The cost is that it's more complex to do this and adds a layer of support I
may not want to incur.
If there's a way to change that setting holistically, to find it would
require somebody who has source code access to comb through. Support
hasn't so far http://support.microsoft.com/?kbid=830188
else they only published the workaround anyway.
Most Exchange administrative related issues like this have workarounds that
involve scripts. Leads me to believe this one only has that option and that it's
better to go with it vs. trying to get them to publicly document where this can
be manipulated in the directory.
Al
On 1/4/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] >
wrote:
Thanks Al. Here's an example:msExchOmaAdminWirelessenable
The default value is 1 and I would like to change the default value to 0.
Assume user objects are created using MMCs, the ADC, LDAP syncs and other processes.
neil
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Al Mulnick
Sent: 04 January 2006 14:04
To: [email protected]
Subject: Re: [ActiveDir] Change the way in which a default user is created
Neil, can you expand that? Defaults are stored all over the place including in DLL's, in the directory etc. Most of the logic is going to be stored in the DLL's for the tool however.Which attribute?al
On 1/4/06, [EMAIL PROTECTED] < [EMAIL PROTECTED] > wrote:Happy New Year to you all!
I have been asked if the schema can be altered such that users when created have attributes set in a certain way.
For example, when a user is created, a certain Exch attribute has value 'TRUE' by default. The desired result is that the attribute value be set to 'FALSE' by default, when new users are created.
Is this possible via a schema mod or are more powerful tools required which can enforce business rules, such as ActiveRoles etc? I suspect the latter, but then the question got me wondering 'where are the defaults "stored" which are used to create an object?'
TIA,
neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plcPLEASE READ: The information contained in this email is confidential andintended for the named recipient(s) only. If you are not an intendedrecipient of this email please notify the sender immediately and delete yourcopy from your system. You must not copy, distribute or take any furtheraction in reliance on it. Email is not a secure method of communication andNomura International plc ('NIplc') will not, to the extent permitted by law,accept responsibility or liability for (a) the accuracy or completeness of,or (b) the presence of any virus, worm or similar malicious or disablingcode in, this message or any attachment(s) to it. If verification of thisemail is sought then please request a hard copy. Unless otherwise statedthis email: (1) is not, and should not be treated or relied upon as,investment research; (2) contains views or opinions that are solely those ofthe author and do not necessarily represent those of NIplc; (3) is intendedfor informational purposes only and is not a recommendation, solicitation oroffer to buy or sell securities or related financial instruments. NIplcdoes not provide investment services to private customers. Authorised andregulated by the Financial Services Authority. Registered in Englandno. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,London, EC1A 4NP. A member of the Nomura group of companies.
PLEASE READ: The information contained in this email is confidential andintended for the named recipient(s) only. If you are not an intendedrecipient of this email please notify the sender immediately and delete yourcopy from your system. You must not copy, distribute or take any furtheraction in reliance on it. Email is not a secure method of communication andNomura International plc ('NIplc') will not, to the extent permitted by law,accept responsibility or liability for (a) the accuracy or completeness of,or (b) the presence of any virus, worm or similar malicious or disablingcode in, this message or any attachment(s) to it. If verification of thisemail is sought then please request a hard copy. Unless otherwise statedthis email: (1) is not, and should not be treated or relied upon as,investment research; (2) contains views or opinions that are solely those ofthe author and do not necessarily represent those of NIplc; (3) is intendedfor informational purposes only and is not a recommendation, solicitation oroffer to buy or sell securities or related financial instruments. NIplcdoes not provide investment services to private customers. Authorised andregulated by the Financial Services Authority. Registered in Englandno. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,London, EC1A 4NP. A member of the Nomura group of companies.
