If for some reason you want to delegate the use of some attribute and that attribute is not listed in the in the property/attribute specific list, then that attribute is hidden from being viewed. To be able to use that attribute in the delegation of control wizard on THAT SPECIFIC DC, open DSSEC.DAT in %WINDIR%\SYSTEM32, search for the attribute you want to use (make sure you are making changes under the correct [OBJECT]) and change the value 7 to a value 0 (zero). Save DSSEC.DAT and RE-OPEN Active Directory Users and Computers. Before doing this make copy of the original DSSEC.DAT (e.g. DSSEC.DAT.ORG) and after doing this make a copy of the changed DSSSEC.DAT (e.g. DSSEC.DAT.CUST) (if for some reason a hotfix or SP replaces the file you have lost your changes)
In your case look for physicalDeliveryOfficeName=7 under [user] after setting this to 0 you will see it in the deleg wizard. jorge ________________________________ From: [EMAIL PROTECTED] on behalf of Freddy HARTONO Sent: Tue 2006-02-07 02:52 To: [email protected] Subject: [ActiveDir] Delegating attribute in property Set (Personal Information set) Hi all, Im trying to delegate the "Office" field shown in aduc - which actually maps to "physicalDeliveryOfficeName" field in AD. However via the gui this options seems to be hidden and seems like its part of a Personal Information property set. Would dsacls does delegation for this particular attribute only? Been trying it but getting errors :) Some lights to sheds perhaps? Thank you and have a splendid day! Kind Regards, Freddy Hartono Group Support Engineer InternationalSOS Pte Ltd mail: [EMAIL PROTECTED] phone: (+65) 6330-9785 This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
