That checkbox is determined by whether or not the person in the "Managed By" field has an Access Control Entry (permissions) that allows that person access to modify the object inherently in AD (i.e. it's not a Property per se like "ManagedBy", "ADsPath", etc).
I am working on perl code to add perms for the managed by of an object, but in it's current form it doesn't have any logic built in to verify that we are not adding an ACE that already exists (duplication) and I want to get that working prior to releasing the code. I'll probably have this written later today and tested. Not that I currently have a need for this functionality presently, but I thought it was a good exercise and something I wanted to get working. This Perl script is based on some VBScript to set the perms found at the URL below (and some code I have cobbled together through the years). FYI Giving credit where credit is due (VBScript to set the required perms): http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/20 03_Server/Q_22004020.html Steven ________________________________ From: Joachim Thuau [mailto:[email protected]] Sent: Wednesday, December 01, 2010 4:26 PM To: 'A F'; Steven Manross; [email protected] Subject: RE: Problem creatign group with email address using Win32::OLE You can figure out most mapping for properties by using a LDAP browser, and using a single account to figure out how that works. Sysinternals also has a tool for doing "AD diffs", which might help you figure it out! Thanks, Jok From: [email protected] [mailto:[email protected]] On Behalf Of A F Sent: Wednesday, December 01, 2010 1:39 PM To: Steven Manross; [email protected] Subject: Re: Problem creatign group with email address using Win32::OLE Hi Guys, It is me again trying to keep this group alive :-) I can assign a owner to the group but I cannot figure out how to enable "Manager can update Membership List" checkbox in AD? $group->Put("managedBy","'CN=some user,OU=some ou,DC=somedomain,DC=com"); Can someone help? _______________________________________________ Perl-Win32-Admin mailing list [email protected] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
