Re vlv: Possibly, though I don't really care how it's done. Mostly, it's just the smarts required in the UI to be able to display just the part of the list I'm looking at rather than cramming all of the data into the various UI widgets and letting them fend for themselves. Vlv is a tool in the toolbox. I think it's more a question of smart UI design than brute force.
Re explicit ACE references: What I mean is say I have a group. I want to know at with points in the AD that group is referred to in an ACL. I want to know what object it was applied to and what rights were allowed or denied. I don't want to see any of the inherited stuff, just the places where I may want to modify or remove it. What would be really nice would be a get a list of all the places where user accounts were added explicitly to ACLs so I can get rid of them all. Wook -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Friday, January 13, 2006 7:08 AM To: [email protected] Subject: RE: [ActiveDir] ADUC updates - Was Expired Accounts > Allow ADUC to handle larger numbers of objects in a container without > running like a snail. Are you thinking vlv here Wook? > I'd like an interface that will allow me to query for where a particular > security principal is referred to in an explicit ACE on an ACL. Could you flesh this one out a little more, I can interprete that in a couple of ways. Possibly give a concrete example? The rest I believe I understand. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lee, Wook Sent: Thursday, January 12, 2006 10:44 PM To: [email protected] Subject: RE: [ActiveDir] ADUC updates - Was Expired Accounts Here are some of my ADUC pet peeves and wish-list items. Let's have an expert's mode where we don't change the names of the attributes things that are "user-friendly" like calling samAccountName "User logon name (pre-Windows 2000)", Kind of a cross between ADUC and ADSIedit or like that E55 admin utility in RAW mode. Allow ADUC to handle larger numbers of objects in a container without running like a snail. I'd like to be able to multi-select a bunch of objects and have a UI to change all the common attributes that are modifiable. I'd like an interface that will allow me to query for where a particular security principal is referred to in an explicit ACE on an ACL. I'd like an extension of the Advanced Security dialog that allowed me to specify a security principal, highlight a right and click a button to find out how/why that principal has that right. I'd like an easy way to search by managedBy that didn't require full DNs. I'd like to be able to specify the canonical name and have it figure out the DN for me. That's because canonical name is copy-able from the UI. Use the disabled account icon for disabled accounts that show up in the find object dialog results pane. Wook -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 12, 2006 8:18 AM To: [email protected] Subject: RE: [ActiveDir] ADUC updates - Was Expired Accounts Your starter for 10: [Dean will explain this, joe :) ] Add context menu options below out of the box: 1. Unlock User (user context menu) 2. Unlock all users (OU context menu) neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 12 January 2006 15:22 To: [email protected] Subject: RE: [ActiveDir] ADUC updates - Was Expired Accounts Well, ok, lets do this. Everyone who has an idea for a change to ADUC post to the ideas to this thread. Don't be shy, you may have thought of something no one else would think of that once seeing it would go this is very cool. Then when the thread seems to die (or some point after that when I catch up :oP ) I will summarize to make sure I understand and then post to LadyBug as improvements that could be made. Also, you may or may not be shocked to hear that many of the folks working on the stuff in Redmond actually watch this list on a regular basis too so they may see it directly. I know the conversation we had previously about suggested improvements to AD was watched pretty closely and generated several DCRs without me even arguing with anyone. So let's hear it. First item on the table is different icons flagging accounts (and I am stating this generically) that are not currently live. This includes disabled, locked, expired passwords, expired accounts? Would this be better to add maybe as additional columns that you could tell the GUI to sort on? Or the icons are best? Note to Dean: This is D's bailywick now isn't it? I think I recall us having this conversation at BB. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Thursday, January 12, 2006 9:18 AM To: [email protected] Subject: RE: [ActiveDir] Expired Accounts I believe it would be helpful if different icons could be used for disabled accounts, expired account, expired password, etc. Mike Thommes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, January 12, 2006 7:51 AM To: [email protected] Subject: RE: [ActiveDir] Expired Accounts Philosophical question really. How do you want the GUI to present things to you. The developers or whomever wrote the spec for the developers didn't feel it should. You also have to ask if accounts with locked passwords should show up that way and define if you mean expired accounts or expired passwords on accounts and whether or not you would differentiate them in that marking. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Thursday, January 12, 2006 8:35 AM To: [email protected] Subject: [ActiveDir] Expired Accounts Shouldn't expired accounts show up with a red X just like a disabled account? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
