Check out Ryan's take on it...
-- http://dunnry.com/blog/msDsUserAccountControlComputedNotSoSpiffy.aspx
--Paul
----- Original Message -----
From: "David Aragon" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 01, 2006 11:49 PM
Subject: [ActiveDir] Different (open)LDAP Question
Without getting into the politics involved that got us here, suffice it to
say that someone with a lot of political clout, no Windows or Active
Directory experience (though considerable MAC/OS X experience), and a PhD
at
the end of their name, made a decision to deploy openLDAP and Active
Directory would be fed with information through a connector written
specifically for that purpose.
For the most part this works well. We have developed a web page that
allows
users to change passwords, incorporated various (homegrown) connectors to
provide for single sign-on to most services, network drives, etc., all
platform independent, allowing users to freely move from Windows (~85%
total
number of systems) to MAC OS-X systems (~15% total number of systems)
using
the same set of credentials. One of the few areas where issues have arisen
is in the changing of a users status. I have told them to modify
userAccountControl, the programmers (connector is written in oCamel so
there
is a separate group that handles this) have decided that
msDs-User-Account-Control-Computed is the correct attribute to use in
order
to enable, disable, lock, unlock, etc. a user account.
Can someone from this group tell me the differences between these
attributes
and which would be the correct one to use for the stated purposes?
David Aragon
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
